Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8918 | 1 Synology | 1 Router Manager | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter. | |||||
| CVE-2018-8915 | 1 Synology | 1 Calendar | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter. | |||||
| CVE-2018-8912 | 1 Synology | 1 Note Station | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter. | |||||
| CVE-2018-8911 | 1 Synology | 1 Note Station | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | |||||
| CVE-2018-8910 | 1 Synology | 1 Drive Server | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | |||||
| CVE-2018-8906 | 1 Dsmall Project | 1 Dsmall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/address_id/2.html. | |||||
| CVE-2018-8903 | 1 Open-audit | 1 Open-audit | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen. | |||||
| CVE-2018-8900 | 1 Gemalto | 1 Sentinel Ldk Rte | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin Control Center (ACC) for cross-site scripting (XSS) vulnerability. | |||||
| CVE-2018-8899 | 1 Identityserver | 1 Identityserver4 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations. | |||||
| CVE-2018-8891 | 1 Blackberry | 1 Unified Endpoint Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator. | |||||
| CVE-2018-8888 | 1 Blackberry | 1 Unified Endpoint Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator. | |||||
| CVE-2018-8846 | 1 Philips | 1 E-alert Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users. | |||||
| CVE-2018-8832 | 1 Enhavo | 1 Enhavo | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page. | |||||
| CVE-2018-8831 | 1 Kodi | 1 Kodi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist. | |||||
| CVE-2018-8827 | 1 Technicolor | 2 Tg789vac, Tg789vac Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS. | |||||
| CVE-2018-8815 | 1 Alkacon | 1 Opencms | 2024-11-21 | 3.5 LOW | 4.6 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image. | |||||
| CVE-2018-8805 | 1 Yxcms | 1 Yxcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extend_guestbook.php or protected\apps\default\view\mobile\extend_guestbook.php in an index.php?r=default/column/index&col=guestbook request. | |||||
| CVE-2018-8772 | 1 Coship | 2 Rt3052, Rt3052 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID field on the "Wireless Setting - Basic" screen. | |||||
| CVE-2018-8767 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| joyplus-cms 1.6.0 has XSS in manager/admin_ajax.php?action=save&tab={pre}vod_type via the t_name parameter. | |||||
| CVE-2018-8763 | 2 Debian, Ldap-account-manager | 2 Debian Linux, Ldap Account Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI. | |||||