Total: 35377 CVEs
CVE | Vendor | Product | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2018-1000407 | Jenkins | Jenkins | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, in core/src/main/java/hudson/model/Api.java that allows attackers to craft Jenkins URLs that cause Jenkins to render arbitrary attacker-controlled HTML.
CVE-2018-1000225 | Cobblerd | Cobbler | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cobbler (verified as present in 2.6.11 and later; code inspection suggests 2.0.0 and later, or possibly even older versions, may be vulnerable) contains a Cross Site Scripting (XSS) vulnerability in cobbler-web that can result in privilege escalation to admin. The attack is exploitable over the network by sending an unauthenticated JavaScript payload to the Cobbler XML-RPC API (/cobbler_api).
CVE-2018-1000219 | Open-emr | Openemr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | OpenEMR v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in the 'scan' parameter (line #41 of interface/fax/fax_view.php) that allows remote authenticated attackers to inject arbitrary web script or HTML. Exploitation requires the victim to visit a specially crafted URL.
CVE-2018-1000218 | Open-emr | Openemr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | OpenEMR v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in the 'file' parameter (line #43 of interface/fax/fax_view.php) that allows remote authenticated attackers to inject arbitrary web script or HTML. Exploitation requires the victim to visit a specially crafted URL.
CVE-2018-1000202 | Jenkins | Groovy Postbuild | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A persisted (stored) cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that is executed in another user's browser when that user performs certain UI actions.
CVE-2018-1000177 | Jenkins | S3 Publisher | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control the file names of uploaded files to define file names containing JavaScript that is executed in another user's browser when that user performs certain UI actions.
CVE-2018-1000172 | Imagely | Nextgen Gallery | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Imagely NextGEN Gallery 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text, exploitable when a victim views the image in the administrator page. This vulnerability appears to have been fixed in 2.2.45.
CVE-2018-1000170 | Jenkins | Jenkins | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that is executed in another user's browser when that user performs certain UI actions.
CVE-2018-1000163 | Projectfloodlight | Floodlight | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Floodlight 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that allows JavaScript injection into the web page, exploitable when the victim browses the web console.
CVE-2018-1000162 | Parsedown | Parsedown | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Parsedown prior to 1.7.0 contains a Cross Site Scripting (XSS) vulnerability in `setMarkupEscaped`, the option for escaping HTML, that can result in JavaScript execution: specially crafted Markdown breaks AST boundaries and thereby sidesteps the HTML escaping. This vulnerability appears to have been fixed in 1.7.0 and later.
CVE-2018-1000160 | Risingstack | Protect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | RisingStack protect 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in the isXss() function in lib/rules/xss.js that causes dangerous XSS strings to be validated as safe. Exploitable via a number of XSS strings (26) detailed in GitHub issue #16.
CVE-2018-1000154 | Zammad | Zammad | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Zammad GmbH Zammad 2.3.0 and earlier contains an Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability: the subject of emails is not HTML-quoted in certain cases, which can result in JavaScript being embedded and executed in users' browsers. Exploitable when the victim opens a ticket. This vulnerability appears to have been fixed in 2.3.1, 2.2.2 and 2.1.3.
CVE-2018-1000144 | Jenkins | Cucumber Living Documentation | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic, which disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these files to attack Jenkins users.
CVE-2018-1000139 | I-librarian | I Librarian | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | I, Librarian 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in the "id" parameter of stable.php that an attacker can use to deliver a malicious script to an unsuspecting user.
CVE-2018-1000129 | Jolokia | Jolokia | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An XSS vulnerability exists in the Jolokia agent 1.3.7 in the HTTP servlet that allows an attacker to execute malicious JavaScript in the victim's browser.
CVE-2018-1000113 | Jenkins | Testlink | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allows an attacker who can control, e.g., TestLink report names to have Jenkins serve arbitrary HTML and JavaScript.
CVE-2018-1000108 | Jenkins | Cppncss | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allows an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user's browser when accessed.
CVE-2018-1000095 | Redhat | Ovirt-engine | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | oVirt 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs in the web admin application. This vulnerability appears to have been fixed in 4.2.3.
CVE-2018-1000088 | Doorkeeper Project | Doorkeeper | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Doorkeeper 2.1.0 through 4.2.5 contains a stored Cross Site Scripting (XSS) vulnerability in the OAuth application form and user authorization prompt web views: a payload stored in the OAuth client's name is executed by users who interact with it. The victim must be tricked into clicking a link to the web view that runs the XSS payload; a malicious link is virtually indistinguishable from a normal one. This vulnerability appears to have been fixed in 4.2.6 and 4.3.0.
CVE-2018-1000087 | Wolfcms | Wolf Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | WolfCMS 0.8.3.1 contains a reflected Cross Site Scripting vulnerability in the "Create New File" and "Create New Directory" input boxes of the 'files' tab that can result in session hijacking, spreading worms, or remote control of the browser. An attacker can inject JavaScript through these input boxes.
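Two entries above (RisingStack protect's isXss() validating dangerous strings as safe, and Parsedown's escaping being sidestepped) share a root cause: trying to recognise "bad" input instead of encoding output for the context it lands in. The following is an added example, not code from RisingStack protect, Parsedown, or any other project on this page. The deny-list patterns, the `looksLikeXss`/`escapeHtml`/`isInertInHtml` helpers and the sample payloads are constructed for illustration; it shows that payloads missing every listed token still carry executable markup, while HTML entity encoding leaves all of them inert.

```javascript
// Hypothetical deny-list checker in the style of a signature-based XSS filter.
// These patterns are illustrative and are NOT RisingStack's actual rules.
const DENY_PATTERNS = [
  /<script\b/i,
  /javascript:/i,
  /onerror\s*=/i,
  /onclick\s*=/i,
];

// Returns true when the input contains one of the deny-listed tokens.
function looksLikeXss(input) {
  return DENY_PATTERNS.some((re) => re.test(input));
}

// Output encoding for the HTML text and double-quoted attribute contexts:
// every character that can open a tag, close an attribute or start an entity
// is replaced by its entity reference. Neither the tag name nor the event
// handler name matters, because the output never reaches the parser as markup.
const ENTITY_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ENTITY_MAP[ch]);
}

// True when a string cannot introduce markup in an HTML text or quoted
// attribute context: no raw angle brackets or quote characters remain.
function isInertInHtml(s) {
  return !/[<>"']/.test(s);
}

// Constructed sample payloads. None contains a deny-listed token, so the
// signature check accepts each one, yet each executes when echoed unescaped
// into an HTML page.
const SAMPLES = [
  '<svg onload=alert(1)>',                                   // handler not on the list
  '<input autofocus onfocus=alert(1)>',                      // fires without user action
  '<details open ontoggle=alert(1)>',                        // obscure handler
  '<a href="JAVASCRIPT&#58;alert(1)">x</a>',                 // entity-encoded colon evades /javascript:/
  '<iframe srcdoc="&lt;script&gt;alert(1)&lt;/script&gt;">', // srcdoc decodes entities
];

// Audit one payload: what the deny list says, and whether the encoded form
// is still capable of introducing markup.
function auditPayload(payload) {
  return {
    flaggedByDenyList: looksLikeXss(payload),
    inertAfterEscape: isInertInHtml(escapeHtml(payload)),
  };
}

// Audit every sample and report how many the deny list missed versus how
// many encoding neutralised.
function auditAll(samples) {
  const results = samples.map(auditPayload);
  return {
    missedByDenyList: results.filter((r) => !r.flaggedByDenyList).length,
    neutralisedByEscape: results.filter((r) => r.inertAfterEscape).length,
    total: samples.length,
  };
}

for (const s of SAMPLES) {
  const r = auditPayload(s);
  console.log(`${s}\n  deny-list flagged: ${r.flaggedByDenyList}  escaped output inert: ${r.inertAfterEscape}`);
}
console.log(auditAll(SAMPLES));
```

The deny list can always be extended with the next handler name or encoding trick, which is exactly why it is never a defense on its own: the fix for each CVE in this list was to encode (or, for Markdown renderers, to escape within the correct AST node) at the point of output, for the context the data lands in. Note also that `escapeHtml` covers HTML text and quoted-attribute contexts only; a value placed into a `href`, a `<script>` block or a CSS property needs that context's own encoding.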