Total: 36741 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-14397 | 1 Cremecrm | 1 Cremecrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Creme CRM 1.6.12. The organization creation page is affected by 9 stored cross-site scripting vulnerabilities involving the name, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. | |||||
CVE-2018-14396 | 1 Cremecrm | 1 Cremecrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. | |||||
CVE-2018-14392 | 1 Mybb | 1 New Threads | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The New Threads plugin before 1.2 for MyBB has XSS. | |||||
CVE-2018-14388 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter. | |||||
CVE-2018-14384 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
The Website Manager module in SEO Panel 3.13.0 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability, allowing remote authenticated attackers to inject arbitrary web script or HTML via the websites.php name parameter. | |||||
CVE-2018-14382 | 1 Instantcms | 1 Instantcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
InstantCMS 2.10.1 has /redirect?url= XSS. | |||||
CVE-2018-14380 | 1 Graylog | 1 Graylog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts. | |||||
CVE-2018-14082 | 1 Freelancewebdesignerchennai | 1 Job Portal | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar. | |||||
CVE-2018-14059 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions. | |||||
CVE-2018-14042 | 1 Getbootstrap | 1 Bootstrap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. | |||||
CVE-2018-14041 | 1 Getbootstrap | 1 Bootstrap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. | |||||
CVE-2018-14040 | 2 Debian, Getbootstrap | 2 Debian Linux, Bootstrap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. | |||||
CVE-2018-14037 | 1 Progress | 1 Kendo Ui | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload gets executed. Furthermore, if the payload is reflected at any other resource that does rely on the sanitisation of the editor itself, the JavaScript payload will be executed in the context of the application. This allows attackers (in the worst case) to take over user sessions. | |||||
CVE-2018-14027 | 1 Digisol | 2 Dg-hr-3300, Dg-hr-3300 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Digisol Wireless Wifi Home Router HR-3300 allows XSS via the userid or password parameter to the admin login page. | |||||
CVE-2018-14013 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients. | |||||
CVE-2018-13999 | 1 Catfish-cms | 1 Catfish Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Catfish CMS v4.7.9 allows XSS via the admin/Index/write.html editorValue parameter (aka an article posted by an administrator). | |||||
CVE-2018-13998 | 1 Clippercms | 1 Clippercms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users. | |||||
CVE-2018-13983 | 1 Impresscms | 1 Impresscms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php. | |||||
CVE-2018-13879 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. When one creates an account, the next step will ask for a username. This field will not save HTML control characters but an error will be displayed that shows the attempted username unescaped via packages/rocketchat-ui-login/client/username/username.js in packages/rocketchat-ui-login/client/username/username.html. | |||||
CVE-2018-13878 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. The real name of a username is displayed unescaped when the user is mentioned (using the @ symbol) in a channel or private chat. Consequently, it is possible to exfiltrate the secret token of every user and also admins in the channel. | |||||