Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16226 | 1 Mitel | 1 Mivoice Office 400 | 2018-12-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow the attacker to execute arbitrary scripts to access sensitive browser-based information. | |||||
| CVE-2018-3699 | 1 Intel | 1 Raid Web Console 3 | 2018-12-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in the Intel RAID Web Console v3 for Windows may allow an unauthenticated user to elevate privilege via remote access. | |||||
| CVE-2014-5411 | 2 Aveva, Schneider-electric | 2 Clearscada, Scada Expert Clearscada | 2018-12-31 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-3144 | 2 Aveva, Schneider-electric | 3 Clearscada, Scx 67, Scx 68 | 2018-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-17256 | 1 Umbraco | 1 Umbraco Cms | 2018-12-31 | 3.5 LOW | 4.8 MEDIUM |
| Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content. | |||||
| CVE-2018-20012 | 1 Phpcmf | 1 Phpcmf | 2018-12-31 | 3.5 LOW | 4.8 MEDIUM |
| PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI. | |||||
| CVE-2018-19919 | 1 Pixelimity | 1 Pixelimity | 2018-12-31 | 3.5 LOW | 4.8 MEDIUM |
| Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element. | |||||
| CVE-2018-19849 | 1 Yzmcms | 1 Yzmcms | 2018-12-31 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter. | |||||
| CVE-2018-1002006 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-12-30 | 3.5 LOW | 4.8 MEDIUM |
| These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes | |||||
| CVE-2018-20017 | 1 Sem-cms | 1 Semcms | 2018-12-28 | 3.5 LOW | 4.8 MEDIUM |
| SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI. | |||||
| CVE-2018-7810 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2018-12-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to craft a URL containing JavaScript that will be executed within the user's browser, potentially impacting the machine the browser is running on. | |||||
| CVE-2018-1002005 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-12-28 | 3.5 LOW | 4.8 MEDIUM |
| These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter. | |||||
| CVE-2018-19750 | 1 Domainmod | 1 Domainmod | 2018-12-27 | 3.5 LOW | 5.4 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields. | |||||
| CVE-2018-1002007 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-12-27 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id. | |||||
| CVE-2018-1002008 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-12-27 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable. | |||||
| CVE-2018-1002004 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-12-27 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. | |||||
| CVE-2018-1002002 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-12-27 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. | |||||
| CVE-2018-1002003 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-12-27 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. | |||||
| CVE-2018-1002001 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-12-27 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. | |||||
| CVE-2018-1002009 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2018-12-27 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable. | |||||