Total: 36737 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-12099 | 2 Grafana, Netapp | 3 Grafana, Active Iq Performance Analytics Services, Storagegrid Webscale Nas Bridge | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. | |||||
CVE-2018-12095 | 1 Oecms Project | 1 Oecms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php. | |||||
CVE-2018-12094 | 1 Dimofinf | 1 Dimofinf Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
CVE-2018-12090 | 1 Lamsfoundation | 1 Lams | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change. | |||||
CVE-2018-12073 | 1 Eminent-online | 1 Em4544 | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this issue (e.g., in combination with a successful XSS, or at an unattended workstation) to change the admin password to an attacker-chosen value without knowing the current password. | |||||
CVE-2018-12047 | 1 Ximdex | 1 Ximdex | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12. | |||||
CVE-2018-12043 | 1 Getsymphony | 1 Symphony | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page. | |||||
CVE-2018-12040 | 1 Sensiolabs | 1 Symfony | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues)." | |||||
CVE-2018-12030 | 1 Chevereto | 1 Chevereto | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Chevereto Free before 1.0.13 has XSS. | |||||
CVE-2018-11735 | 1 Ximdex | 1 Ximdex | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter. | |||||
CVE-2018-11734 | 1 E107 | 1 E107 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In e107 v2.1.7, output without filtering results in XSS. | |||||
CVE-2018-11715 | 1 Recent Threads Project | 1 Recent Threads | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject. | |||||
CVE-2018-11709 | 1 Gvectors | 1 Wpforo Forum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI. | |||||
CVE-2018-11690 | 1 Balbooa | 1 Gridbox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
CVE-2018-11689 | 2 Hanwha-security, Samsung | 19 Hrd-1641, Hrd-1641 Firmware, Hrd-1642 and 16 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.) | |||||
CVE-2018-11688 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
CVE-2018-11651 | 1 Graylog | 1 Graylog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx. | |||||
CVE-2018-11650 | 1 Graylog | 1 Graylog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js. | |||||
CVE-2018-11649 | 1 Gethue | 1 Hue | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Hue 3.12 has XSS via the /pig/save/ name and script parameters. | |||||
CVE-2018-11647 | 1 Oauth2orize-fprm Project | 1 Oauth2orize-fprm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL. |