Total
36788 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17302 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message. | |||||
| CVE-2018-17301 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel. | |||||
| CVE-2018-17300 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name. | |||||
| CVE-2018-17288 | 1 Kofax | 1 Front Office Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Kofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client and Administration Console) suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Filename" field in /Kofax/KFS/ThinClient/document/upload/ - (Thin Client) or (2) "DeviceName" field in /Kofax/KFS/Admin/DeviceService/device/ - (Administration Console). | |||||
| CVE-2018-17256 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content. | |||||
| CVE-2018-17218 | 1 Ptc | 1 Thingworx Platform | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function. | |||||
| CVE-2018-17193 | 1 Apache | 1 Nifi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | |||||
| CVE-2018-17184 | 1 Apache | 1 Syncope | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admin Console, the injected JavaScript code is executed. | |||||
| CVE-2018-17167 | 1 Printeron | 1 Printeron | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration. | |||||
| CVE-2018-17150 | 1 Intersystems | 1 Cache | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Intersystems Cache 2017.2.2.865.0 allows XSS. | |||||
| CVE-2018-17147 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Nagios XI before 5.5.4 has XSS in the auto login admin management page. | |||||
| CVE-2018-17146 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page. | |||||
| CVE-2018-17140 | 1 Vms-studio | 1 Quizlord | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php. | |||||
| CVE-2018-17138 | 1 Nickelpro | 1 Jibu Pro | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field. | |||||
| CVE-2018-17130 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header, | |||||
| CVE-2018-17128 | 1 Mybb | 1 Mybb | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode. | |||||
| CVE-2018-17113 | 1 Easycms | 1 Easycms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173. | |||||
| CVE-2018-17090 | 1 I4a | 1 Donlinkage | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazy_adresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing <textarea> followed by <script></script> tags. | |||||
| CVE-2018-17086 | 1 Otcms | 1 Otcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in OTCMS 3.61. XSS exists in admin/share_switch.php via these parameters: fieldName fieldName2 tabName. | |||||
| CVE-2018-17085 | 1 Otcms | 1 Otcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr. | |||||