Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1911 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918. | |||||
| CVE-2016-4016 | 1 Sap | 1 Java As | 2018-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication, aka SAP Security Note 2201295. | |||||
| CVE-2014-1964 | 1 Sap | 2 Netweaver, Netweaver Exchange Infrastructure \(bc-xi\) | 2018-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error. | |||||
| CVE-2014-1965 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP. | |||||
| CVE-2013-6819 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-6663 | 1 Sap | 1 Afaria | 2018-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, aka SAP Security Note 2152669. | |||||
| CVE-2011-4707 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. | |||||
| CVE-2018-18952 | 1 Jeecms | 1 Jeecms | 2018-12-10 | 3.5 LOW | 4.8 MEDIUM |
| JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI. | |||||
| CVE-2018-18733 | 1 Catfish-cms | 1 Catfish Cms | 2018-12-07 | 3.5 LOW | 5.4 MEDIUM |
| An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue to CVE-2018-13999. | |||||
| CVE-2018-18736 | 1 Catfish-cms | 1 Catfish Blog | 2018-12-07 | 3.5 LOW | 5.4 MEDIUM |
| An XSS issue was discovered in catfish blog 2.0.33, related to "write source code." | |||||
| CVE-2018-19051 | 1 Metinfo | 1 Metinfo | 2018-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter. | |||||
| CVE-2018-19050 | 1 Metinfo | 1 Metinfo | 2018-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter. | |||||
| CVE-2018-19835 | 1 Metinfo | 1 Metinfo | 2018-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter. | |||||
| CVE-2018-17783 | 1 Mantisbt | 1 Mantisbt | 2018-12-07 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. | |||||
| CVE-2018-17782 | 1 Mantisbt | 1 Mantisbt | 2018-12-07 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. | |||||
| CVE-2018-18694 | 1 Monstra | 1 Monstra | 2018-12-06 | 3.5 LOW | 4.8 MEDIUM |
| admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases. | |||||
| CVE-2018-15712 | 1 Nagios | 1 Nagios Xi | 2018-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. | |||||
| CVE-2018-15713 | 1 Nagios | 1 Nagios Xi | 2018-12-06 | 3.5 LOW | 5.4 MEDIUM |
| Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php. | |||||
| CVE-2018-15714 | 1 Nagios | 1 Nagios Xi | 2018-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. | |||||
| CVE-2018-12246 | 1 Symantec | 1 Web Isolation | 2018-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript code into the website's rendered copy running inside the end user's web browser. It does not allow injecting code into the real (isolated) copy of the website running on the WI Threat Isolation Engine. | |||||