Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19768 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "SubPagePackages.jsp" has reflected XSS via the ConnPoolName and GroupId parameters. | |||||
| CVE-2018-19765 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPresentSpace.jsp" has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters. | |||||
| CVE-2018-19814 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Subscriptions.jsp" has reflected XSS via the ConnPoolName or GroupId parameter. | |||||
| CVE-2018-19819 | 1 Infovista | 1 Vistaportal | 2019-01-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Rights.jsp" has reflected XSS via the ConnPoolName parameter. | |||||
| CVE-2018-19816 | 1 Infovista | 1 Vistaportal | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/categorytree/ChooseCategory.jsp" has reflected XSS via the ConnPoolName parameter. | |||||
| CVE-2018-19815 | 1 Infovista | 1 Vistaportal | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/UserPopupAddNewProp.jsp" has reflected XSS via the ConnPoolName parameter. | |||||
| CVE-2018-19813 | 1 Infovista | 1 Vistaportal | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Subscribers.jsp" has reflected XSS via the ConnPoolName or GroupId parameter. | |||||
| CVE-2018-19812 | 1 Infovista | 1 Vistaportal | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SubFolderPackages.jsp" has reflected XSS via the GroupId parameter. | |||||
| CVE-2018-19811 | 1 Infovista | 1 Vistaportal | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Import.jsp" has reflected XSS via the ConnPoolName parameter. | |||||
| CVE-2018-19770 | 1 Infovista | 1 Vistaportal | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "Users.jsp" has reflected XSS via the ConnPoolName parameter. | |||||
| CVE-2018-19774 | 1 Infovista | 1 Vistaportal | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "PresentSpace.jsp" has reflected XSS via the GroupId and ConnPoolName parameters. | |||||
| CVE-2018-19772 | 1 Infovista | 1 Vistaportal | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPresentSpace.jsp" has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters. | |||||
| CVE-2018-19775 | 1 Infovista | 1 Vistaportal | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "Variables.jsp" has reflected XSS via the ConnPoolName and GroupId parameters. | |||||
| CVE-2018-18362 | 1 Symantec | 1 Norton Password Manager | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | |||||
| CVE-2018-19927 | 1 Zenitel | 2 Ip-stationweb, Ip-stationweb Firmware | 2019-01-02 | 3.5 LOW | 4.8 MEDIUM |
| Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases. | |||||
| CVE-2018-19926 | 1 Zenitel | 2 Ip-stationweb, Ip-stationweb Firmware | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO. | |||||
| CVE-2018-19630 | 1 Openwrt | 2 Lede, Openwrt | 2018-12-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI. | |||||
| CVE-2018-0679 | 1 Fxc | 20 Ae1021, Ae1021 Firmware, Ae1021pe and 17 more | 2018-12-31 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page. | |||||
| CVE-2018-18864 | 1 Loadbalancer | 1 Enterprise Va Max | 2018-12-31 | 9.3 HIGH | 9.6 CRITICAL |
| Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed. | |||||
| CVE-2018-19301 | 1 Tp4a | 1 Teleport | 2018-12-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log. | |||||