Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0565 | 1 Cybozu | 1 Office | 2018-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-12654 | 1 Slims Akasia Project | 1 Slims Akasia | 2018-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI. | |||||
| CVE-2018-12657 | 1 Slims Akasia Project | 1 Slims Akasia | 2018-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI. | |||||
| CVE-2018-12656 | 1 Slims Akasia Project | 1 Slims Akasia | 2018-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI. | |||||
| CVE-2018-12655 | 1 Slims Akasia Project | 1 Slims Akasia | 2018-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242. | |||||
| CVE-2017-5393 | 1 Mozilla | 1 Firefox | 2018-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects Firefox < 51. | |||||
| CVE-2017-5458 | 1 Mozilla | 1 Firefox | 2018-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| When a "javascript:" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves. This vulnerability affects Firefox < 53. | |||||
| CVE-2016-9490 | 1 Manageengine | 1 Applications Manager | 2018-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. Applications Manager is prone to a Cross-Site Scripting vulnerability in parameter LIMIT, in URL path /DiagAlertAction.do?REQTYPE=AJAX&LIMIT=1233. The URL is also available without authentication. | |||||
| CVE-2018-8252 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2018-08-06 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8254. | |||||
| CVE-2018-8254 | 1 Microsoft | 3 Project Server, Sharepoint Foundation, Sharepoint Server | 2018-08-06 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft Project Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8252. | |||||
| CVE-2018-12290 | 1 Yii2-statemachine | 1 Yii2-statemachine | 2018-08-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Yii2-StateMachine extension v2.x.x for Yii2 has XSS. | |||||
| CVE-2018-5754 | 1 Open-xchange | 1 Open-xchange Appsuite | 2018-08-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard. | |||||
| CVE-2018-5164 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. This vulnerability affects Firefox < 60. | |||||
| CVE-2018-11223 | 1 Pandorafms | 1 Artica Pandora Fms | 2018-08-02 | 3.5 LOW | 5.4 MEDIUM |
| XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call. | |||||
| CVE-2018-12432 | 1 Javamelody Project | 1 Javamelody | 2018-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI. | |||||
| CVE-2018-12431 | 1 Seacms | 1 Seacms | 2018-08-02 | 3.5 LOW | 4.8 MEDIUM |
| SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page). | |||||
| CVE-2018-5143 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Firefox < 59. | |||||
| CVE-2018-12501 | 1 Nagios | 1 Fusion | 2018-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. | |||||
| CVE-2018-12339 | 1 Articlecms Project | 1 Articlecms | 2018-08-02 | 3.5 LOW | 5.4 MEDIUM |
| ArticleCMS through 2017-02-19 has XSS via an "add an article" action. | |||||
| CVE-2018-12273 | 1 Ximdex | 1 Ximdex | 2018-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter. | |||||