Vulnerabilities (CVE)

Filtered by CWE-79
Total 35377 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-16220 1 Audiocodes 2 405hd, 405hd Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name sent to the device from the domain controller.
CVE-2018-16210 1 Wago 2 Wago 750-881 Ethernet Controller Devices, Wago 750-881 Ethernet Controller Devices Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.
CVE-2018-16206 1 Ohtanz 1 Spam-byebye 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-16205 1 Weseek 1 Growi 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via New Page modal.
CVE-2018-16204 1 Google Xml Sitemaps Project 1 Google Xml Sitemaps 2024-11-21 3.5 LOW 4.8 MEDIUM
Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-16199 1 Toshiba 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-16193 1 Nec 4 Aterm Wf1200cr, Aterm Wf1200cr Firmware, Aterm Wg1200cr and 1 more 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-16180 1 Daj 1 I-filter 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-16173 1 Thimpress 1 Learnpress 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-16165 1 Jpcert 1 Logontracer 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-16164 1 Web-dorado 1 Event Calendar Wd 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-16148 1 Opsview 1 Opsview 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting.
CVE-2018-16147 1 Opsview 1 Opsview 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting.
CVE-2018-16142 1 Phpok 1 Phpok 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function.
CVE-2018-16139 1 Bibliosoft 1 Bibliopac 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web script or HTML via the db or action parameter to to bin/wxis.exe/bibliopac/.
CVE-2018-16138 1 Ipbrick 1 Ipbrick Os 2024-11-21 3.5 LOW 4.8 MEDIUM
An issue was discovered in the administration page in IPBRICK OS 6.3. There are multiple XSS vulnerabilities.
CVE-2018-16134 1 Cybrotech 1 Cybrohttpserver 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI.
CVE-2018-16096 1 Lenovo 8 System Management Module Firmware, Thinkagile Hx Enclosure 7x81, Thinkagile Hx Enclosure 7y87 and 5 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting.
CVE-2018-16084 2 Google, Redhat 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain operations to open external programs via a crafted HTML page.
CVE-2018-16061 1 Mitsubishielectric 2 Smartrtu, Smartrtu Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.