Total: 36733 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-11471 | 1 Getcockpit | 1 Cockpit | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cockpit 0.5.5 has XSS via a collection, form, or region. | |||||
CVE-2018-11450 | 1 Siemens | 1 Teamcenter Product Lifecycle Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected Cross-Site-Scripting (XSS) vulnerability has been identified in Siemens PLM Software TEAMCENTER (V9.1.2.5). If a user visits the login portal through the URL crafted by the attacker, the attacker can insert html/javascript and thus alter/rewrite the login portal page. Siemens PLM Software TEAMCENTER V9.1.3 and newer are not affected. | |||||
CVE-2018-11448 | 1 Siemens | 2 Scalance M875, Scalance M875 Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires that the attacker has access to the web interface of an affected device. The attacker must be authenticated as administrative user on the web interface. Afterwards, a legitimate user must access the web interface. A successful attack could allow an attacker to execute malicious code in the browser of a legitimate user. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2018-11443 | 1 Easyservice Billing Project | 1 Easyservice Billing | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0. | |||||
CVE-2018-11430 | 1 Moderator Log Notes Project | 1 Moderator Log Notes | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea. | |||||
CVE-2018-11415 | 1 Sap | 1 Internet Transaction Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product. | |||||
CVE-2018-11404 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter. | |||||
CVE-2018-11403 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter. | |||||
CVE-2018-11366 | 1 Loginizer | 1 Loginizer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0. | |||||
CVE-2018-11352 | 1 Wallabag | 1 Wallabag | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an administrator visits the configuration page. The vulnerability can be exploited with authentication and used to target administrators and steal their sessions. | |||||
CVE-2018-11351 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could be triggered without authentication, and target the administrator. The attack vectors are the Content-Type field and the filename parameter. | |||||
CVE-2018-11350 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Jirafeau before 3.4.1. The file "search by name" form is affected by one Cross-Site Scripting vulnerability via the name parameter. | |||||
CVE-2018-11348 | 1 Yunohost | 1 Yunohost | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Two XSS vulnerabilities are located in the profile edition page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application. By injecting a JavaScript payload, these flaws could be used to manipulate a user's session. | |||||
CVE-2018-11343 | 1 Asustor | 1 Soundsgood | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter. | |||||
CVE-2018-11339 | 1 Frappe | 1 Erpnext | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment. | |||||
CVE-2018-11332 | 1 Clippercms | 1 Clippercms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file. | |||||
CVE-2018-11330 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted. | |||||
CVE-2018-11328 | 1 Joomla | 1 Joomla! | 2024-11-21 | 2.6 LOW | 4.7 MEDIUM |
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability. | |||||
CVE-2018-11326 | 1 Joomla | 1 Joomla! | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform an XSS attack. | |||||
CVE-2018-11317 | 1 Intelliants | 1 Subrion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Subrion CMS before 4.1.4 has XSS. | |||||