Total
36740 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12806 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-12715 | 1 Digisol | 2 Dg-hr3400, Dg-hr3400 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged. | |||||
| CVE-2018-12711 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL. | |||||
| CVE-2018-12705 | 1 Digisol | 2 Dg-br4000ng, Dg-br4000ng Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side). | |||||
| CVE-2018-12696 | 1 Mao10 | 1 Mao10cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| mao10cms 6 allows XSS via the article page. | |||||
| CVE-2018-12695 | 1 Mao10 | 1 Mao10cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| mao10cms 6 allows XSS via the m=bbs&a=index page. | |||||
| CVE-2018-12672 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was implemented, this vulnerability could be leveraged to perform actions on behalf of another user or the administrator. | |||||
| CVE-2018-12658 | 1 Slims Project | 1 Slims | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI. | |||||
| CVE-2018-12657 | 1 Slims Akasia Project | 1 Slims Akasia | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI. | |||||
| CVE-2018-12656 | 1 Slims Akasia Project | 1 Slims Akasia | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI. | |||||
| CVE-2018-12655 | 1 Slims Akasia Project | 1 Slims Akasia | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242. | |||||
| CVE-2018-12654 | 1 Slims Akasia Project | 1 Slims Akasia | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI. | |||||
| CVE-2018-12653 | 1 Myadrenalin | 1 Adrenalin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious JavaScript code in /RPT/SSRSDynamicEditReports.aspx via 'ReportId' parameter. | |||||
| CVE-2018-12652 | 1 Myadrenalin | 1 Adrenalin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the LeaveEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter. | |||||
| CVE-2018-12651 | 1 Myadrenalin | 1 Human Resource Management Software | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the ShiftEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter. | |||||
| CVE-2018-12650 | 1 Myadrenalin | 1 Human Resource Management Software | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'. | |||||
| CVE-2018-12638 | 1 Bose | 1 Soundtouch | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app. | |||||
| CVE-2018-12627 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter. | |||||
| CVE-2018-12626 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter. | |||||
| CVE-2018-12625 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter. | |||||