Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20370 | 1 The-sz | 1 Netchat | 2019-01-09 | 3.5 LOW | 5.4 MEDIUM |
| SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend. | |||||
| CVE-2018-20351 | 1 Evernote | 1 Evernote | 2019-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Markdown component in Evernote (Chinese) before 8.3.2 on macOS allows stored XSS, aka MAC-832. | |||||
| CVE-2018-20462 | 1 Jsmol2wp Project | 1 Jsmol2wp | 2019-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter. | |||||
| CVE-2018-12651 | 1 Myadrenalin | 1 Human Resource Management Software | 2019-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the ShiftEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter. | |||||
| CVE-2018-1000860 | 1 Phpipam | 1 Phpipam | 2019-01-08 | 2.6 LOW | 4.7 MEDIUM |
| phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'><script>alert(1)</script>quqtl exploits an XSS vulnerability. that can result in Arbitrary code executes in victims browser.. This attack appear to be exploitable via Needs to be chained with another exploit that allows an attacker to set or modify a cookie for the phpIPAM instance's domain.. | |||||
| CVE-2018-1000870 | 1 Phpipam | 1 Phpipam | 2019-01-08 | 3.5 LOW | 5.4 MEDIUM |
| PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser. This attack appear to be exploitable via Attacker change theme parameter in user settings. Admin(Victim) views user in admin-panel and gets exploited.. This vulnerability appears to have been fixed in 1.4. | |||||
| CVE-2018-20520 | 1 1234n | 1 Minicms | 2019-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233. | |||||
| CVE-2018-0723 | 1 Qnap | 1 Q\'center Virtual Appliance | 2019-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0724. | |||||
| CVE-2018-0724 | 1 Qnap | 1 Q\'center Virtual Appliance | 2019-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0723. | |||||
| CVE-2018-20306 | 1 Pulsesecure | 1 Virtual Traffic Manager | 2019-01-08 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected releases are Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1. | |||||
| CVE-2018-1000847 | 1 Freshdns Project | 1 Freshdns | 2019-01-08 | 3.5 LOW | 5.4 MEDIUM |
| FreshDNS version 1.0.3 and prior contains a Cross Site Scripting (XSS) vulnerability in Account data form; Zone editor that can result in Execution of attacker's JavaScript code in victim's session. This attack appear to be exploitable via The attacker stores a specially crafted string as their Full Name in their account details. The victim (e.g. the administrator of the FreshDNS instance) opens the User List in the admin interface.. This vulnerability appears to have been fixed in 1.0.5 and later. | |||||
| CVE-2018-1000816 | 1 Grafana | 1 Grafana | 2019-01-07 | 3.5 LOW | 5.4 MEDIUM |
| Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where the payload was previously inserted.. | |||||
| CVE-2018-1000868 | 1 Webidsupport | 1 Webid | 2019-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| WeBid version up to current version 1.2.2 contains a Cross Site Scripting (XSS) vulnerability in user_login.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must click a malicous link. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f. | |||||
| CVE-2018-16778 | 1 Jenzabar | 1 Jenzabar | 2019-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field). | |||||
| CVE-2018-2486 | 1 Sap | 2 Marketing Sapscore, Marketing Uicuan | 2019-01-07 | 3.5 LOW | 5.4 MEDIUM |
| SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-2502 | 1 Sap | 1 Business One On Hana | 2019-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3). | |||||
| CVE-2018-20172 | 1 Nagios | 1 Nagios Xi | 2019-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Nagios XI before 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is not filtered, resulting in an XSS vulnerability. | |||||
| CVE-2018-20171 | 1 Nagios | 1 Nagios Xi | 2019-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Nagios XI before 5.5.8. The url parameter of rss_dashlet/magpierss/scripts/magpie_simple.php is not filtered, resulting in an XSS vulnerability. | |||||
| CVE-2018-2505 | 1 Sap | 1 Hybris | 2019-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7). | |||||
| CVE-2018-19439 | 1 Oracle | 1 Secure Global Desktop | 2019-01-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter. | |||||