Total: 34649 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6913 | 1 Open-xchange | 1 Open-xchange Appsuite | 2018-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag. | |||||
| CVE-2018-16786 | 1 Dedecms | 1 Dedecms | 2018-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php. | |||||
| CVE-2008-5325 | 1 Ibm | 1 Rational Clearquest | 2018-11-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-17039 | 2 1234n, Microsoft | 2 Minicms, Internet Explorer | 2018-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER['REQUEST_URI'] is mishandled. | |||||
| CVE-2018-17138 | 1 Nickelpro | 1 Jibu Pro | 2018-11-08 | 3.5 LOW | 5.4 MEDIUM |
| The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field. | |||||
| CVE-2017-10795 | 1 Intelliants | 1 Subrion | 2018-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069. | |||||
| CVE-2018-15596 | 1 Mybb | 1 Mybb | 2018-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS. | |||||
| CVE-2018-14890 | 1 Vectra | 1 Cognito | 2018-11-07 | 3.5 LOW | 5.4 MEDIUM |
| Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console. | |||||
| CVE-2018-1000665 | 1 Dojotoolkit | 1 Dojo | 2018-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dojo Dojo Objective Harness (DOH) versions prior to 1.14 contain a cross-site scripting (XSS) vulnerability in unit.html, testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in the victim being attacked through their browser (delivering malware, stealing HTTP cookies, bypassing CORS trust). This attack appears to be exploitable when victims are lured to a web site under the attacker's control, as is typical; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14. | |||||
| CVE-2018-17321 | 1 Seacms | 1 Seacms | 2018-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action. | |||||
| CVE-2018-7795 | 1 Schneider-electric | 2 Powerlogic Pm5560, Powerlogic Pm5560 Firmware | 2018-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to a cross-site scripting attack on its web browser. User inputs can be manipulated to cause execution of JavaScript code. | |||||
| CVE-2018-17031 | 1 Gogs | 1 Gogs | 2018-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header is not sent. | |||||
| CVE-2018-1000670 | 1 Koha | 1 Koha | 2018-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| KOHA Library System versions 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contain a cross-site scripting (XSS) vulnerability in multiple fields on multiple pages, including /cgi-bin/koha/acqui/supplier.pl?op=enter, /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number] and /cgi-bin/koha/serials/subscription-add.pl, that can result in privilege escalation by taking control of higher-privileged users' browser sessions. This attack appears to be exploitable when victims are socially engineered to visit a vulnerable webpage containing a malicious payload. This vulnerability appears to have been fixed in 17.11. | |||||
| CVE-2018-17021 | 1 Asus | 2 Gt-ac5300, Gt-ac5300 Firmware | 2018-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook parameter. | |||||
| CVE-2018-17034 | 1 Ucms Project | 1 Ucms | 2018-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter. | |||||
| CVE-2018-17062 | 1 Seacms | 1 Seacms | 2018-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter. | |||||
| CVE-2018-17085 | 1 Otcms | 1 Otcms | 2018-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN, dataMode, dataModeStr. | |||||
| CVE-2018-17086 | 1 Otcms | 1 Otcms | 2018-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in OTCMS 3.61. XSS exists in admin/share_switch.php via these parameters: fieldName, fieldName2, tabName. | |||||
| CVE-2018-17128 | 1 Mybb | 1 Mybb | 2018-11-07 | 3.5 LOW | 5.4 MEDIUM |
| A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode. | |||||
| CVE-2018-16607 | 1 Opmantek | 1 Open-audit | 2018-11-07 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field. | |||||
