Total: 34649 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4665 | 1 Xceedium | 1 Xsuite | 2018-06-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter. | |||||
| CVE-2018-0581 | 1 Asus | 2 Rt-ac87u, Rt-ac87u Firmware | 2018-06-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-10994 | 1 Signal | 1 Signal-desktop | 2018-06-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL. | |||||
| CVE-2018-11090 | 1 Mybiz | 1 Myprocurenet | 2018-06-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within "ProxyPage.aspx" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site. | |||||
| CVE-2018-10307 | 1 Ilias | 1 Ilias | 2018-06-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception. | |||||
| CVE-2018-11118 | 1 Ilias | 1 Ilias | 2018-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php. | |||||
| CVE-2018-11120 | 1 Ilias | 1 Ilias | 2018-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS. | |||||
| CVE-2018-11117 | 1 Ilias | 1 Ilias | 2018-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute. | |||||
| CVE-2018-0582 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2018-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0583 | 1 Asus | 2 Rt-ac1200hp, Rt-ac1200hp Firmware | 2018-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-10580 | 1 Latest Posts On Profile Project | 1 Latest Posts On Profile | 2018-06-14 | 3.5 LOW | 5.4 MEDIUM |
| The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread subject) field. | |||||
| CVE-2018-10571 | 1 Open-emr | 1 Openemr | 2018-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_claim_file.php; (3) formid or (4) formseq parameter to interface/orders/types.php; (5) eraname, (6) paydate, (7) post_to_date, (8) deposit_date, (9) debug, or (10) InsId parameter to interface/billing/sl_eob_process.php; (11) form_source, (12) form_paydate, (13) form_deposit_date, (14) form_amount, (15) form_name, (16) form_pid, (17) form_encounter, (18) form_date, or (19) form_to_date parameter to interface/billing/sl_eob_search.php; (20) codetype or (21) search_term parameter to interface/de_identification_forms/find_code_popup.php; (22) search_term parameter to interface/de_identification_forms/find_drug_popup.php; (23) search_term parameter to interface/de_identification_forms/find_immunization_popup.php; (24) id parameter to interface/forms/CAMOS/view.php; (25) id parameter to interface/forms/reviewofs/view.php; or (26) list_id parameter to library/custom_template/personalize.php. | |||||
| CVE-2018-8900 | 1 Gemalto | 1 Sentinel Ldk Rte | 2018-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin Control Center (ACC), resulting in a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2018-0578 | 1 Pixelyoursite | 1 Pixelyoursite | 2018-06-13 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-6362 | 1 Ehcp | 1 Easy Hosting Control Panel | 2018-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie. | |||||
| CVE-2018-6361 | 1 Ehcp | 1 Easy Hosting Control Panel | 2018-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account. | |||||
| CVE-2018-10817 | 1 Severalnines | 1 Clustercontrol | 2018-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Severalnines ClusterControl before 1.6.0-4699 allows XSS. | |||||
| CVE-2018-1000177 | 1 Jenkins | 1 S3 Publisher | 2018-06-13 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions. | |||||
| CVE-2017-8896 | 1 Owncloud | 1 Owncloud | 2018-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 is vulnerable to XSS on error pages by injecting code in URL parameters. | |||||
| CVE-2018-10371 | 1 Wunderfarm | 1 Wf Cookie Consent | 2018-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows arbitrary HTML/script code to be executed in a victim's web browser via a page title. | |||||
