Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13335 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions. | |||||
| CVE-2018-13334 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter. | |||||
| CVE-2018-13333 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames. | |||||
| CVE-2018-13331 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames. | |||||
| CVE-2018-13329 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter. | |||||
| CVE-2018-13323 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie. | |||||
| CVE-2018-13317 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm. | |||||
| CVE-2018-13312 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field. | |||||
| CVE-2018-13310 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username. | |||||
| CVE-2018-13309 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password. | |||||
| CVE-2018-13308 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field. | |||||
| CVE-2018-13256 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter. | |||||
| CVE-2018-13252 | 1 Entrustdatacard | 1 Syntera Customization Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page. | |||||
| CVE-2018-13137 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI. | |||||
| CVE-2018-13136 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. | |||||
| CVE-2018-13134 | 1 Tp-link | 2 Archer C1200, Archer C1200 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI. | |||||
| CVE-2018-13106 | 1 Clippercms | 1 Clippercms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI. | |||||
| CVE-2018-13104 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID) | |||||
| CVE-2018-13065 | 1 Trustwave | 1 Modsecurity | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured | |||||
| CVE-2018-13055 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. | |||||