Total
36741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13351 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form. | |||||
| CVE-2018-13349 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username. | |||||
| CVE-2018-13339 | 1 Angular Redactor Project | 1 Angular Redactor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035. | |||||
| CVE-2018-13335 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions. | |||||
| CVE-2018-13334 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter. | |||||
| CVE-2018-13333 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames. | |||||
| CVE-2018-13331 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames. | |||||
| CVE-2018-13329 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter. | |||||
| CVE-2018-13323 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie. | |||||
| CVE-2018-13317 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm. | |||||
| CVE-2018-13312 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field. | |||||
| CVE-2018-13310 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username. | |||||
| CVE-2018-13309 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password. | |||||
| CVE-2018-13308 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field. | |||||
| CVE-2018-13256 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter. | |||||
| CVE-2018-13252 | 1 Entrustdatacard | 1 Syntera Customization Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page. | |||||
| CVE-2018-13137 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI. | |||||
| CVE-2018-13136 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. | |||||
| CVE-2018-13134 | 1 Tp-link | 2 Archer C1200, Archer C1200 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI. | |||||
| CVE-2018-13106 | 1 Clippercms | 1 Clippercms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI. | |||||