Total: 34649 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19799 | 1 Dolibarr | 1 Dolibarr | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. | |||||
| CVE-2018-16165 | 1 Jpcert | 1 Logontracer | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-20486 | 1 Metinfo | 1 Metinfo | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter. | |||||
| CVE-2018-19414 | 1 Plikli | 1 Plikli Cms | 2019-01-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to groups.php; (2) username parameter to login.php; or (3) date parameter to search.php. | |||||
| CVE-2018-20379 | 1 Technicolor | 2 Dpc3928sl, Dpc3928sl Firmware | 2019-01-14 | 2.6 LOW | 4.7 MEDIUM |
| Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001. | |||||
| CVE-2018-20373 | 1 Tendacn | 2 Adsl, Adsl Firmware | 2019-01-14 | 3.5 LOW | 5.4 MEDIUM |
| Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client. | |||||
| CVE-2018-16173 | 1 Thimpress | 1 Learnpress | 2019-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-19924 | 1 Sales & Company Management System Project | 1 Sales & Company Management System | 2019-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address. | |||||
| CVE-2018-20680 | 1 Frog Cms Project | 1 Frog Cms | 2019-01-11 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. | |||||
| CVE-2018-12672 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2019-01-11 | 3.5 LOW | 5.4 MEDIUM |
| The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was implemented, this vulnerability could be leveraged to perform actions on behalf of another user or the administrator. | |||||
| CVE-2018-20372 | 1 Tp-link | 2 Td-w8961nd, Td-w8961nd Firmware | 2019-01-11 | 3.5 LOW | 5.4 MEDIUM |
| TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client. | |||||
| CVE-2018-1000629 | 1 Battelle | 1 V2i Hub | 2019-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or _login_username parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
| CVE-2018-20464 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address. | |||||
| CVE-2018-20454 | 1 74cms | 1 74cms | 2019-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a=resume_list has XSS via the key parameter. | |||||
| CVE-2019-5311 | 1 Yunucms | 1 Yunucms | 2019-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability via the index.php/index/show/index cw parameter. | |||||
| CVE-2019-5310 | 1 Yunucms | 1 Yunucms | 2019-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request. | |||||
| CVE-2018-7355 | 1 Zte | 4 Mf65, Mf65 Firmware, Mf65m1 and 1 more | 2019-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices. | |||||
| CVE-2018-20302 | 1 Emetrotel | 1 Xain | 2019-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the order parameter. | |||||
| CVE-2018-20611 | 1 Txjia | 1 Imcat | 2019-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| imcat 4.4 allows XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. | |||||
| CVE-2018-20589 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2019-01-09 | 3.5 LOW | 4.8 MEDIUM |
| Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID. | |||||
