Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14504 | 1 Mantisbt | 1 Mantisbt | 2018-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar" onclick="alert(1)'). | |||||
| CVE-2018-14777 | 1 Dleviet | 1 Datalife Engine | 2018-10-02 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in DataLife Engine (DLE) through 13.0. An attacker can use XSS (related to the /addnews.html and /index.php?do=addnews URIs) to send a malicious script to unsuspecting Admins or users. | |||||
| CVE-2018-0614 | 1 Necplatforms | 16 Calsos Csdj-a, Calsos Csdj-a Firmware, Calsos Csdj-b and 13 more | 2018-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-14929 | 1 Matera | 1 Banco | 2018-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter. | |||||
| CVE-2018-14924 | 1 Matera | 1 Banco | 2018-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka user fullname) field. | |||||
| CVE-2018-1999029 | 1 Jenkins | 1 Shelve Project | 2018-10-01 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | |||||
| CVE-2018-12944 | 1 Seeddms | 1 Seeddms | 2018-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the name field. | |||||
| CVE-2018-14835 | 1 Subrion | 1 Subrion Cms | 2018-09-28 | 3.5 LOW | 5.4 MEDIUM |
| Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas. | |||||
| CVE-2018-14838 | 1 Rejucms Project | 1 Rejucms | 2018-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| rejucms 2.1 has stored XSS via the admin/book.php content parameter. | |||||
| CVE-2018-14686 | 1 Xycms Project | 1 Xycms | 2018-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| system/edit_book.php in XYCMS 1.7 has stored XSS via a crafted add_do.php request, related to add_book.php. | |||||
| CVE-2018-7649 | 1 Fibranet | 1 Monitorix | 2018-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Monitorix before 3.10.1 allows XSS via CGI variables. | |||||
| CVE-2018-14497 | 1 Tendacn | 2 D152, D152 Firmware | 2018-09-28 | 3.5 LOW | 5.4 MEDIUM |
| Tenda D152 ADSL routers allow XSS via a crafted SSID. | |||||
| CVE-2018-14776 | 1 Clickstudios | 1 Passwordstate | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document. | |||||
| CVE-2018-14541 | 1 Readymadeb2bscript | 1 Basic B2b | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields. | |||||
| CVE-2017-6213 | 1 Paypal | 1 Php Invoice Sdk | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution. | |||||
| CVE-2017-6215 | 1 Paypal | 1 Php Permissions Sdk | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution. | |||||
| CVE-2018-14873 | 1 Rincewind Project | 1 Rincewind | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involving a p=account request to index.php and another file named commonPages.php. | |||||
| CVE-2018-14904 | 1 Samsung | 1 Syncthru Web Service | 2018-09-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid. | |||||
| CVE-2018-14877 | 1 Weaselcms Project | 1 Weaselcms | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page. | |||||
| CVE-2018-14905 | 1 3cx | 1 3cx Web Server | 2018-09-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. | |||||