Total: 39597 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8254 | 1 Microsoft | 3 Project Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft Project Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8252. | |||||
| CVE-2018-8252 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8254. | |||||
| CVE-2018-8247 | 1 Microsoft | 2 Office Online Server, Office Web Apps | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245. | |||||
| CVE-2018-8168 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8156. | |||||
| CVE-2018-8159 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. | |||||
| CVE-2018-8156 | 1 Microsoft | 2 Project Server, Sharepoint Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint, Microsoft Project Server. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8168. | |||||
| CVE-2018-8155 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8156, CVE-2018-8168. | |||||
| CVE-2018-8152 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. | |||||
| CVE-2018-8149 | 1 Microsoft | 1 Sharepoint Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8155, CVE-2018-8156, CVE-2018-8168. | |||||
| CVE-2018-8108 | 1 Bui Project | 1 Bui | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The select component in bui through 2018-03-13 has XSS because it performs an escape operation on already-escaped text, as demonstrated by workGroupList text. | |||||
| CVE-2018-8078 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html. | |||||
| CVE-2018-8071 | 1 Mautic | 1 Mautic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mautic before v2.13.0 has stored XSS via a theme config file. | |||||
| CVE-2018-8070 | 1 Qcms | 1 Qcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI. | |||||
| CVE-2018-8069 | 1 Qcms | 1 Qcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI. | |||||
| CVE-2018-8062 | 1 Comtrend | 2 Ar-5387un, Ar-5387un Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service. | |||||
| CVE-2018-8058 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter. | |||||
| CVE-2018-8048 | 2 Debian, Loofah Project | 2 Debian Linux, Loofah | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. | |||||
| CVE-2018-8047 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions. This vulnerability could allow remote unauthenticated attackers to inject arbitrary web script or HTML via index.php?module=Contacts&view=List (app parameter). | |||||
| CVE-2018-8046 | 1 Sencha | 1 Ext Js | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip() method of Action Columns takes HTML-escaped data and un-escapes it. If the tooltip contains user-controlled data, an attacker could exploit this to create a cross-site scripting attack, even when developers took precautions and escaped data. | |||||
| CVE-2018-8035 | 1 Apache | 1 Uimaducc | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| This vulnerability relates to the user's browser processing of DUCC webpage input data. The JavaScript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied JavaScript code. | |||||
