Total
36740 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13065 | 1 Trustwave | 1 Modsecurity | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured | |||||
| CVE-2018-13055 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. | |||||
| CVE-2018-13039 | 1 Opendesa | 1 Opensid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the cari parameter, aka an index.php/first?cari= URI. | |||||
| CVE-2018-13022 | 1 Mi | 2 Mi Router 3, Miwifi Os | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path. | |||||
| CVE-2018-13003 | 1 Opentsdb | 1 Opentsdb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI. | |||||
| CVE-2018-13002 | 1 Weblication | 1 Cms Core \& Grid | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the `wFilemanager.php` and `index.php` files of the `/grid5/scripts/` modules. The injection point is located in the Project `Title` and the execution point occurs in the `Inhaltsprojekte` output listing section. Remote attackers with privileged user accounts are able to inject their own malicious script code with a persistent attack vector to compromise user session credentials or to manipulate the affected web-application module output context. The request method to inject is POST. | |||||
| CVE-2018-13001 | 1 Sandoba | 1 Cp\ | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the `admin.php` file of the `./cpshop/` module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability is non-persistent and the request method to inject/execute is GET with the path, search, rename, or dir parameter. | |||||
| CVE-2018-13000 | 1 Anelectron | 1 Advanced Electron Forum | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to inject malicious script code payloads as a private message (aka pmbody). The injection point is the editor ftp link element and the execution point occurs in the message body context on arrival. The request method to inject is POST with restricted user privileges. | |||||
| CVE-2018-12998 | 1 Zohocorp | 5 Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. | |||||
| CVE-2018-12996 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do. | |||||
| CVE-2018-12992 | 1 Maelostore Project | 1 Maelostore | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface. | |||||
| CVE-2018-12981 | 1 Wago | 8 762-3000, 762-3000 Firmware, 762-3001 and 5 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injecting code within the WBM. The code will be rendered and/or executed in the browser of the user's browser. | |||||
| CVE-2018-12973 | 1 Opentsdb | 1 Opentsdb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI. | |||||
| CVE-2018-12944 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the name field. | |||||
| CVE-2018-12943 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2018-12919 | 1 Craftedweb Project | 1 Craftedweb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows XSS via the e parameter. | |||||
| CVE-2018-12905 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php "system manage" and "add" actions. | |||||
| CVE-2018-12903 | 1 Cyberark | 1 Endpoint Privilege Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard. | |||||
| CVE-2018-12902 | 1 Easymagazine Project | 1 Easymagazine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Easy Magazine through 2012-10-26, there is XSS in the search bar of the web site. | |||||
| CVE-2018-12901 | 1 Mitel | 2 St, St Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||