Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10763 | 1 Synametrics | 1 Synaman | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page. | |||||
| CVE-2018-10752 | 1 Tagregator Project | 1 Tagregator | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action. | |||||
| CVE-2018-10727 | 1 Fabrikar | 1 Fabrik | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header. | |||||
| CVE-2018-10726 | 1 Datenstrom | 1 Yellow | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSS | |||||
| CVE-2018-10704 | 1 Yii2cmf Project | 1 Yii2cmf | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| yidashi yii2cmf 2.0 has XSS via the /search q parameter. | |||||
| CVE-2018-10700 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter "iw_board_deviceName" is susceptible to this injection. | |||||
| CVE-2018-10692 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily. | |||||
| CVE-2018-10686 | 1 Vestacp | 1 Control Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php. | |||||
| CVE-2018-10680 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting it is "just a functional bug. | |||||
| CVE-2018-10665 | 1 Ilias | 1 Ilias | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files. | |||||
| CVE-2018-10649 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3. | |||||
| CVE-2018-10609 | 1 Martem | 4 Telem-gw6, Telem-gw6 Firmware, Telem-gwm and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges. | |||||
| CVE-2018-10586 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities in versions before 10.1.12. | |||||
| CVE-2018-10580 | 1 Latest Posts On Profile Project | 1 Latest Posts On Profile | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread subject) field. | |||||
| CVE-2018-10571 | 1 Open-emr | 1 Openemr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_claim_file.php; (3) formid or (4) formseq parameter to interface/orders/types.php; (5) eraname, (6) paydate, (7) post_to_date, (8) deposit_date, (9) debug, or (10) InsId parameter to interface/billing/sl_eob_process.php; (11) form_source, (12) form_paydate, (13) form_deposit_date, (14) form_amount, (15) form_name, (16) form_pid, (17) form_encounter, (18) form_date, or (19) form_to_date parameter to interface/billing/sl_eob_search.php; (20) codetype or (21) search_term parameter to interface/de_identification_forms/find_code_popup.php; (22) search_term parameter to interface/de_identification_forms/find_drug_popup.php; (23) search_term parameter to interface/de_identification_forms/find_immunization_popup.php; (24) id parameter to interface/forms/CAMOS/view.php; (25) id parameter to interface/forms/reviewofs/view.php; or (26) list_id parameter to library/custom_template/personalize.php. | |||||
| CVE-2018-10570 | 1 Frogcms Project | 1 Frogcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field. | |||||
| CVE-2018-10569 | 1 Edimax | 2 Edimax Ew-7438rpn V2 Firmware, Ew-7438rpn Mini V2 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. There is XSS in an SSID field. | |||||
| CVE-2018-10568 | 1 Flexense | 1 Disksorter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. | |||||
| CVE-2018-10567 | 1 Flexense | 1 Vx Search | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7. | |||||
| CVE-2018-10566 | 1 Flexense | 1 Dupscout | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7. | |||||