Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17596 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. | |||||
| CVE-2018-17595 | 1 Fork-cms | 1 Fork Cms | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI. | |||||
| CVE-2018-17868 | 1 Dasan | 2 H660gw, H660gw Firmware | 2018-11-16 | 3.5 LOW | 4.8 MEDIUM |
| DASAN H660GW devices have Stored XSS in the Port Forwarding functionality. | |||||
| CVE-2018-9081 | 1 Lenovo | 40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more | 2018-11-16 | 2.6 LOW | 4.7 MEDIUM |
| For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger. | |||||
| CVE-2018-17884 | 1 Gwolle Guestbook Project | 1 Gwolle Guestbook | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php | |||||
| CVE-2018-12806 | 1 Adobe | 1 Experience Manager | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-5005 | 1 Adobe | 1 Experience Manager | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-11581 | 1 Brother | 4 Hl-l2340d, Hl-l2340d Firmware, Hl-l2380dw and 1 more | 2018-11-16 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html. | |||||
| CVE-2018-15365 | 1 Trendmicro | 1 Deep Discovery Inspector | 2018-11-16 | 3.5 LOW | 5.4 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability. | |||||
| CVE-2018-18939 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2018-11-15 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field. | |||||
| CVE-2018-17835 | 1 Get-simple | 1 Getsimple Cms | 2018-11-15 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI. | |||||
| CVE-2018-17587 | 1 Airties | 2 Air 5750, Air 5750 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17830 | 1 Redaxo | 1 Redaxo | 2018-11-15 | 3.5 LOW | 5.4 MEDIUM |
| The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring. | |||||
| CVE-2018-17589 | 1 Airties | 2 Air 5650, Air 5650 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17588 | 1 Airties | 2 Air 5021, Air 5021 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17590 | 1 Airties | 2 Air 5442, Air 5442 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17593 | 1 Airties | 2 Air 5453, Air 5453 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17591 | 1 Airties | 2 Air 5343v2, Air 5343v2 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17594 | 1 Airties | 2 Air 5443v2, Air 5443v2 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17312 | 1 Ricoh | 2 Aficio Mp 301spf, Aficio Mp 301spf Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||