Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0589 | 1 Apple | 1 Iphone Os | 2018-11-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588. | |||||
| CVE-2012-0590 | 1 Apple | 1 Iphone Os | 2018-11-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation. | |||||
| CVE-2012-0586 | 1 Apple | 1 Iphone Os | 2018-11-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588, and CVE-2012-0589. | |||||
| CVE-2017-5934 | 4 Canonical, Debian, Moinmo and 1 more | 4 Ubuntu Linux, Debian Linux, Moinmoin and 1 more | 2018-11-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-11559 | 1 Domainmod | 1 Domainmod | 2018-11-29 | 3.5 LOW | 5.4 MEDIUM |
| DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter. | |||||
| CVE-2018-11558 | 1 Domainmod | 1 Domainmod | 2018-11-29 | 3.5 LOW | 5.4 MEDIUM |
| DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter. | |||||
| CVE-2018-17337 | 1 Intelbras | 2 Nplug, Nplug Firmware | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast. | |||||
| CVE-2018-18270 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | |||||
| CVE-2018-18282 | 1 Zeit | 1 Next.js | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. | |||||
| CVE-2018-18296 | 1 Metinfo | 1 Metinfo | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action. | |||||
| CVE-2018-18259 | 1 Luya | 1 Luya Cms | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/create-page. | |||||
| CVE-2018-18271 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | |||||
| CVE-2018-18062 | 1 Tecrail | 1 Responsive Filemanager | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-18374 | 1 Metinfo | 1 Metinfo | 2018-11-27 | 3.5 LOW | 5.4 MEDIUM |
| XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter. | |||||
| CVE-2018-8488 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2018-11-27 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8498, CVE-2018-8518. | |||||
| CVE-2018-18208 | 1 Virtualmin | 1 Virtualmin | 2018-11-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Virtualmin 6.03 allows XSS via the query string, as demonstrated by the webmin_search.cgi URI. | |||||
| CVE-2018-15903 | 1 Claromentis | 1 Claromentis | 2018-11-26 | 3.5 LOW | 5.4 MEDIUM |
| The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored Cross Site Scripting (XSS). An authenticated attacker will be able to place malicious JavaScript in the discussion forum, which is present in the login landing page. A low privilege user can use this to steal the session cookies from high privilege accounts and hijack these, enabling them to hijack the elevated session and perform actions in their security context. | |||||
| CVE-2018-2470 | 1 Sap | 1 Netweaver | 2018-11-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-18087 | 1 Bixie | 1 Portfolio | 2018-11-24 | 3.5 LOW | 5.4 MEDIUM |
| The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/${project_title}. | |||||
| CVE-2018-2472 | 1 Sap | 1 Businessobjects Bi Platform | 2018-11-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||