Vulnerabilities (CVE)

Filtered by CWE-79
Total 35377 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-15740 1 Zohocorp 1 Manageengine Admanager Plus 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
CVE-2018-15714 1 Nagios 1 Nagios Xi 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.
CVE-2018-15713 1 Nagios 1 Nagios Xi 2024-11-21 3.5 LOW 5.4 MEDIUM
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.
CVE-2018-15712 1 Nagios 1 Nagios Xi 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.
CVE-2018-15707 1 Advantech 1 Webaccess 2024-11-21 3.5 LOW 5.4 MEDIUM
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.
CVE-2018-15703 1 Advantech 1 Webaccess 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser.
CVE-2018-15699 1 Asustor 1 Data Master 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field.
CVE-2018-15679 1 Btiteam 1 Xbtit 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting.
CVE-2018-15678 1 Btiteam 1 Xbtit 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting.
CVE-2018-15677 1 Btiteam 1 Xbtit 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF.
CVE-2018-15676 1 Btiteam 1 Xbtit 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerprints.
CVE-2018-15641 1 Odoo 1 Odoo 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in the browser of a victim via crafted calendar event attributes.
CVE-2018-15638 1 Odoo 1 Odoo 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted channel names.
CVE-2018-15635 1 Odoo 1 Odoo 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
Cross-site scripting vulnerability in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote attackers to inject arbitrary web script in the browser of an internal user of the system by tricking them into inviting a follower on a document with a crafted name.
CVE-2018-15634 1 Odoo 1 Odoo 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link.
CVE-2018-15633 1 Odoo 1 Odoo 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) issue in "document" module in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted attachment filenames.
CVE-2018-15614 1 Avaya 1 Ip Office 2024-11-21 3.5 LOW 6.8 MEDIUM
A vulnerability in the one-x Portal component of IP Office could allow an authenticated user to perform stored cross site scripting attacks via fields in the Conference Scheduler Service that could affect other application users. Affected versions of IP Office include 10.0 through 10.1 SP3 and 11.0 versions prior to 11.0 SP1.
CVE-2018-15613 1 Avaya 1 Aura Orchestration Designer 2024-11-21 4.3 MEDIUM 8.3 HIGH
A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1.
CVE-2018-15608 1 Manageengine 1 Admanager Plus 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.
CVE-2018-15606 1 Salesagility 1 Suitecrm 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message.