Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14904 | 1 Samsung | 1 Syncthru Web Service | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid. | |||||
| CVE-2018-14899 | 1 Epson | 2 Wf-2750, Wf-2750 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites. | |||||
| CVE-2018-14890 | 1 Vectra | 1 Cognito | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console. | |||||
| CVE-2018-14888 | 1 Thank You\/like Project | 1 Thank You\/like | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin before 3.1.0 for MyBB allows XSS via a post or thread subject. | |||||
| CVE-2018-14877 | 1 Weaselcms Project | 1 Weaselcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page. | |||||
| CVE-2018-14875 | 1 Polarisft | 1 Intellect Core Banking | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. Reflected XSS exists with an authenticated session via the Customerid, formName, FrameId, or MODE parameter. | |||||
| CVE-2018-14873 | 1 Rincewind Project | 1 Rincewind | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involving a p=account request to index.php and another file named commonPages.php. | |||||
| CVE-2018-14869 | 1 Php Template Store Script Project | 1 Php Template Store Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile. | |||||
| CVE-2018-14850 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image. | |||||
| CVE-2018-14849 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php. | |||||
| CVE-2018-14846 | 1 Mondula | 1 Multi Step Form | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php. | |||||
| CVE-2018-14840 | 1 Intelliants | 1 Subrion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads). | |||||
| CVE-2018-14838 | 1 Rejucms Project | 1 Rejucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| rejucms 2.1 has stored XSS via the admin/book.php content parameter. | |||||
| CVE-2018-14837 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI. | |||||
| CVE-2018-14835 | 1 Subrion | 1 Subrion Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas. | |||||
| CVE-2018-14784 | 1 Netcommwireless | 2 Nwl-25, Nwl-25 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device. | |||||
| CVE-2018-14777 | 1 Dleviet | 1 Datalife Engine | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in DataLife Engine (DLE) through 13.0. An attacker can use XSS (related to the /addnews.html and /index.php?do=addnews URIs) to send a malicious script to unsuspecting Admins or users. | |||||
| CVE-2018-14776 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document. | |||||
| CVE-2018-14724 | 1 Mybb | 1 Ban List | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page. | |||||
| CVE-2018-14710 | 1 Asus | 2 Rt-ac3200, Rt-ac3200 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter. | |||||