Total: 35377 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-9183 | 1 Joomsky | 1 Js Jobs | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS. | |||||
CVE-2018-9182 | 1 Lynxtechnology | 1 Twonky Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section. | |||||
CVE-2018-9177 | 1 Lynxtechnology | 1 Twonky Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen. | |||||
CVE-2018-9173 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter. | |||||
CVE-2018-9172 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes. | |||||
CVE-2018-9169 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit.php app_id parameter. The component must be accessed directly by an administrator, or through CSRF. | |||||
CVE-2018-9163 | 1 Zohocorp | 1 Manageengine Recovery Manager Plus | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do. | |||||
CVE-2018-9155 | 1 Open-audit | 1 Open-audit | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section (via the "Name (display)" field to the attributes/create URI). | |||||
CVE-2018-9147 | 1 Gespage | 1 Gespage | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage software allow remote attackers to inject arbitrary web script or HTML via the email, passwd, and repasswd parameters to webapp/users/user_reg.jsp. | |||||
CVE-2018-9140 | 1 Samsung | 1 Samsung Mobile | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747. | |||||
CVE-2018-9130 | 1 Ibos | 1 Ibos | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
IBOS 4.4.3 has XSS via a company full name. | |||||
CVE-2018-9123 | 1 Crea8social | 1 Crea8social | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In Crea8social 2018.2, there is Stored Cross-Site Scripting via a User Profile. | |||||
CVE-2018-9122 | 1 Crea8social | 1 Crea8social | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the term parameter to the /search URI. | |||||
CVE-2018-9121 | 1 Crea8social | 1 Crea8social | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment. | |||||
CVE-2018-9120 | 1 Crea8social | 1 Crea8social | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post. | |||||
CVE-2018-9111 | 1 Foxconn | 2 Ap-fc4064-t, Ap-fc4064-t Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via the configuration of a user account. An attacker can execute arbitrary script on an unsuspecting user's browser. | |||||
CVE-2018-9104 | 1 Mitel | 2 Mivoice Connect, St 14.2 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the api.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
CVE-2018-9103 | 1 Mitel | 2 Mivoice Connect, St 14.2 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
CVE-2018-9101 | 1 Mitel | 2 Mivoice Connect, St 14.2 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the launch_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
CVE-2018-9090 | 1 Redhat | 1 Tectonic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured by Tectonic administrators. An attacker can insert an XSS payload into the dashboards. |