Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7636 | 1 Qnap | 1 Nas Proxy Server | 2018-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-12047 | 1 Ximdex | 1 Ximdex | 2018-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12. | |||||
| CVE-2018-9177 | 1 Lynxtechnology | 1 Twonky Server | 2018-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen. | |||||
| CVE-2018-12043 | 1 Getsymphony | 1 Symphony | 2018-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page. | |||||
| CVE-2013-0595 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2018-07-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3. | |||||
| CVE-2016-6615 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-07-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the "Tracking" feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. | |||||
| CVE-2018-11564 | 1 Pagekit | 1 Pagekit | 2018-07-05 | 3.5 LOW | 4.8 MEDIUM |
| Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger a XSS attack. | |||||
| CVE-2018-7976 | 1 Huawei | 1 Espace Desktop | 2018-07-05 | 3.5 LOW | 5.4 MEDIUM |
| There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop. | |||||
| CVE-2018-11580 | 1 Multidots | 1 Mass Pages\/posts Creator | 2018-07-05 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site and create hundreds of thousands of posts with custom content. | |||||
| CVE-2018-11628 | 1 Emssoftware | 1 Ems Master Calendar | 2018-07-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS. | |||||
| CVE-2018-11522 | 1 Yosoro Project | 1 Yosoro | 2018-07-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Yosoro 1.0.4 has stored XSS. | |||||
| CVE-2018-11552 | 1 Nch | 1 Axon Pbx | 2018-07-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application. | |||||
| CVE-2018-11486 | 1 Multidots | 1 Advance Search For Woocommerce | 2018-07-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CSS textarea field, which will be loaded on every site page. | |||||
| CVE-2018-11485 | 1 Multidots | 1 Woocommerce Quick Reports | 2018-07-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the "referral_site" cookie to have an XSS payload, and placing an order. | |||||
| CVE-2018-11562 | 1 Misp | 1 Misp | 2018-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter. | |||||
| CVE-2018-11583 | 1 Seacms | 1 Seacms | 2018-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter. | |||||
| CVE-2018-10379 | 1 Gitlab | 1 Gitlab | 2018-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability. | |||||
| CVE-2018-11512 | 1 Creatiwity | 1 Witycms | 2018-06-29 | 3.5 LOW | 4.8 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general. | |||||
| CVE-2018-11532 | 1 Changuondyu Advanced Statistics Project | 1 Changuondyu Advanced Statistics | 2018-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field. | |||||
| CVE-2018-11133 | 1 Quest | 1 Kace System Management Appliance | 2018-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The 'fmt' parameter of the '/common/run_cross_report.php' script in the the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting. | |||||