Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10565 | 1 Flexense | 1 Disksavvy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7. | |||||
| CVE-2018-10564 | 1 Flexense | 1 Diskpulse | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. | |||||
| CVE-2018-10563 | 1 Flexense | 1 Syncbreeze | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7). | |||||
| CVE-2018-10554 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter. | |||||
| CVE-2018-10547 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. | |||||
| CVE-2018-10527 | 1 Easycms Project | 1 Easycms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.html#listarticle URI. | |||||
| CVE-2018-10430 | 1 Dilicms | 1 Dilicms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php. | |||||
| CVE-2018-10428 | 1 Ilias | 1 Ilias | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting. | |||||
| CVE-2018-10422 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field. | |||||
| CVE-2018-10391 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI. | |||||
| CVE-2018-10383 | 1 Lantronix | 2 Securelinx Spider, Securelinx Spider Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Lantronix SecureLinx Spider (SLS) 2.2+ devices have XSS in the auth.asp login page. | |||||
| CVE-2018-10382 | 1 Modx | 1 Modx Revolution | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| MODX Revolution 2.6.3 has XSS. | |||||
| CVE-2018-10379 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability. | |||||
| CVE-2018-10374 | 1 Easycms | 1 Easycms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request. | |||||
| CVE-2018-10371 | 1 Wunderfarm | 1 Wf Cookie Consent | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser via a page title. | |||||
| CVE-2018-10369 | 1 Intelbras | 2 Win 240, Win 240 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login. | |||||
| CVE-2018-10368 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement. | |||||
| CVE-2018-10367 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section. | |||||
| CVE-2018-10366 | 1 User Project | 1 User | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field. | |||||
| CVE-2018-10365 | 1 Threads To Link Project | 1 Threads To Link | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the user is given the option to convert the thread to a link. The thread link input box is not properly sanitized. | |||||