Total: 35377 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-14704 | 1 Drobo | 2 5n2, 5n2 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path. | |||||
CVE-2018-14698 | 1 Drobo | 2 5n2, 5n2 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter. | |||||
CVE-2018-14697 | 1 Drobo | 2 5n2, 5n2 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the username URL parameter. | |||||
CVE-2018-14691 | 1 Subsonic | 1 Subsonic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim. | |||||
CVE-2018-14690 | 1 Subsonic | 1 Subsonic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim. | |||||
CVE-2018-14689 | 1 Subsonic | 1 Subsonic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the name[x], sourceformats[x], targetFormat[x], step1[x], and step2[x] parameters (where x is an integer) to transcodingSettings.view that could be used to steal session information of a victim. | |||||
CVE-2018-14688 | 1 Subsonic | 1 Subsonic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the name[x], streamUrl[x], homepageUrl[x] parameters (where x is an integer) to internetRadioSettings.view that could be used to steal session information of a victim. | |||||
CVE-2018-14686 | 1 Xycms Project | 1 Xycms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
system/edit_book.php in XYCMS 1.7 has stored XSS via a crafted add_do.php request, related to add_book.php. | |||||
CVE-2018-14683 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI. | |||||
CVE-2018-14664 | 1 Theforeman | 1 Foreman | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs bar to store code that will be executed on the client side. | |||||
CVE-2018-14655 | 1 Redhat | 3 Keycloak, Linux, Single Sign-on | 2024-11-21 | 3.5 LOW | 4.6 MEDIUM |
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon successful login. | |||||
CVE-2018-14631 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter. | |||||
CVE-2018-14606 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion. | |||||
CVE-2018-14605 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit. | |||||
CVE-2018-14604 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline. | |||||
CVE-2018-14575 | 1 Mybb | 1 Trash Bin | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject. | |||||
CVE-2018-14541 | 1 Readymadeb2bscript | 1 Basic B2b | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields. | |||||
CVE-2018-14527 | 1 Xiao5ucompany Project | 1 Xiao5ucompany | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements). | |||||
CVE-2018-14520 | 1 Getkirby | 1 Kirby | 2024-11-21 | N/A | 5.4 MEDIUM |
An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages. | |||||
CVE-2018-14517 | 1 Seacms | 1 Seacms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields. |