Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12696 | 1 Mao10 | 1 Mao10cms | 2018-08-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| mao10cms 6 allows XSS via the article page. | |||||
| CVE-2018-12695 | 1 Mao10 | 1 Mao10cms | 2018-08-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| mao10cms 6 allows XSS via the m=bbs&a=index page. | |||||
| CVE-2018-12580 | 1 Dragonbyte-tech | 1 Vbsecurity | 2018-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature. | |||||
| CVE-2018-12588 | 1 Public Knowledge Project | 1 Open Monograph Press | 2018-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-2 before 3.1.1-3 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the Search field). | |||||
| CVE-2018-12073 | 1 Eminent-online | 1 Em4544 | 2018-08-11 | 2.9 LOW | 5.3 MEDIUM |
| An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this issue (e.g., in combination with a successful XSS, or at an unattended workstation) to change the admin password to an attacker-chosen value without knowing the current password. | |||||
| CVE-2018-12104 | 1 Airbnb | 1 Knowledge Repo | 2018-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/new_report.kp URI. | |||||
| CVE-2017-13072 | 1 Qnap | 1 Qts | 2018-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code. | |||||
| CVE-2018-9027 | 1 Ca | 1 Ca Privileged Access Manager | 2018-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. | |||||
| CVE-2018-9036 | 1 Checksec | 1 Canopy | 2018-08-10 | 3.5 LOW | 4.8 MEDIUM |
| CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users. | |||||
| CVE-2018-12581 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-08-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature. | |||||
| CVE-2017-0110 | 1 Microsoft | 1 Exchange Server | 2018-08-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." | |||||
| CVE-2017-7823 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2018-08-09 | 4.3 MEDIUM | 5.4 MEDIUM |
| The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||
| CVE-2017-5466 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2018-08-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-7799 | 1 Mozilla | 1 Firefox | 2018-08-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack. This vulnerability affects Firefox < 55. | |||||
| CVE-2018-0527 | 1 Cybozu | 1 Office | 2018-08-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-11647 | 1 Oauth2orize-fprm Project | 1 Oauth2orize-fprm | 2018-08-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL. | |||||
| CVE-2018-0557 | 1 Cybozu | 1 Mailwise | 2018-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors. | |||||
| CVE-2018-12229 | 1 Sfu | 1 Open Journal System | 2018-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the templates/frontend/pages/search.tpl parameter (aka the By Author field). | |||||
| CVE-2018-0558 | 1 Cybozu | 1 Mailwise | 2018-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors. | |||||
| CVE-2018-0559 | 1 Cybozu | 1 Mailwise | 2018-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors. | |||||