Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-25045 | 1 Django-rest-framework | 1 Django Rest Framework | 2024-11-21 | N/A | 6.1 MEDIUM |
| Django REST framework (aka django-rest-framework) before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping. | |||||
| CVE-2018-25039 | 1 Technicolor | 2 Thomson Tcw710, Thomson Tcw710 Firmware | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/RgUrlBlock.asp. The manipulation of the argument BasicParentalNewKeyword with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-25038 | 1 Technicolor | 2 Thomson Tcw710, Thomson Tcw710 Firmware | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been classified as problematic. This affects an unknown part of the file /goform/RgDhcp. The manipulation of the argument PppUserName with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-25037 | 1 Technicolor | 2 Thomson Tcw710, Thomson Tcw710 Firmware | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability was found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/RgDdns. The manipulation of the argument DdnsHostName with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-25036 | 1 Technicolor | 2 Thomson Tcw710, Thomson Tcw710 Firmware | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability has been found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/RgTime. The manipulation of the argument TimeServer1/TimeServer2/TimeServer3 with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-25035 | 1 Technicolor | 2 Thomson Tcw710, Thomson Tcw710 Firmware | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in Thomson TCW710 ST5D.10.05. Affected is an unknown function of the file /goform/RGFirewallEL. The manipulation of the argument EmailAddress/SmtpServerName with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-25034 | 1 Technicolor | 2 Thomson Tcw710, Thomson Tcw710 Firmware | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05. This issue affects some unknown processing of the file /goform/wlanPrimaryNetwork. The manipulation of the argument ServiceSetIdentifier with the input ><script>alert(1)</script> as part of POST Request leads to basic cross site scripting (Persistent). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-126695. | |||||
| CVE-2018-21209 | 1 Netgear | 20 Jnr1010, Jnr1010 Firmware, Jr6150 and 17 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by reflected XSS. This affects JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.20, R6050 before 1.0.1.10, R6220 before 1.1.0.60, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.46, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46. | |||||
| CVE-2018-21167 | 1 Netgear | 42 D6100, D6100 Firmware, Dm200 and 39 more | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.57, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.78, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.42, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. | |||||
| CVE-2018-21155 | 1 Netgear | 20 D7800, D7800 Firmware, Dm200 and 17 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.52, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.4.2, R9000 before 1.0.3.16, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. | |||||
| CVE-2018-21095 | 1 Netgear | 4 Srr60, Srr60 Firmware, Srs60 and 1 more | 2024-11-21 | 2.3 LOW | 4.3 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects SRR60 before 2.2.1.210 and SRS60 before 2.2.1.210. | |||||
| CVE-2018-21030 | 1 Jupyter | 1 Notebook | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document. | |||||
| CVE-2018-21014 | 1 Buddyboss | 1 Buddymoss Media | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. | |||||
| CVE-2018-21012 | 1 Vsourz | 1 Cf7 Invisible Recaptcha | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS. | |||||
| CVE-2018-21001 | 1 Bologer | 1 Anycomment | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The anycomment plugin before 0.0.33 for WordPress has XSS. | |||||
| CVE-2018-20986 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors. | |||||
| CVE-2018-20983 | 1 Meowapps | 1 Wp Retina 2x | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-retina-2x plugin before 5.2.3 for WordPress has XSS. | |||||
| CVE-2018-20982 | 1 Davidlingren | 1 Media Library Assistant | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. | |||||
| CVE-2018-20978 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-all-import plugin before 3.4.7 for WordPress has XSS. | |||||
| CVE-2018-20977 | 1 Brainstormforce | 1 Schema | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings page. | |||||