Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1188 | 1 Dell | 1 Emc Isilon | 2018-04-19 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2018-1186 | 1 Dell | 1 Emc Isilon | 2018-04-19 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2017-7632 | 1 Qnap | 1 Qts | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2017-7631 | 1 Qnap | 1 Qts | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the share link function of File Station of QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-8973 | 1 Otcms | 1 Otcms | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request. | |||||
| CVE-2018-8978 | 1 Open-audit | 1 Open-audit | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI. | |||||
| CVE-2018-9130 | 1 Ibos | 1 Ibos | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBOS 4.4.3 has XSS via a company full name. | |||||
| CVE-2015-9257 | 1 Bmc | 1 Remedy Action Request System | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS. | |||||
| CVE-2018-8957 | 1 Covercms Project | 1 Covercms | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related to admina/mconfigs.inc.php. | |||||
| CVE-2018-8942 | 1 Xiuno Bbs Project | 1 Xiuno Bbs | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter. | |||||
| CVE-2018-8903 | 1 Open-audit | 1 Open-audit | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen. | |||||
| CVE-2018-8906 | 1 Dsmall Project | 1 Dsmall | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/address_id/2.html. | |||||
| CVE-2018-8899 | 1 Identityserver | 1 Identityserver4 | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations. | |||||
| CVE-2017-18094 | 1 Atlassian | 2 Crucible, Fisheye | 2018-04-18 | 3.5 LOW | 4.8 MEDIUM |
| Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured file system repository. | |||||
| CVE-2018-9016 | 1 Dsmall Project | 1 Dsmall | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI. | |||||
| CVE-2018-9017 | 1 Dsmall Project | 1 Dsmall | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI. | |||||
| CVE-2018-9307 | 1 Dsmall Project | 1 Dsmall | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html. | |||||
| CVE-2018-9015 | 1 Dsmall Project | 1 Dsmall | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdr_sn parameter (aka the CMS search box). | |||||
| CVE-2018-9123 | 1 Crea8social | 1 Crea8social | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| In Crea8social 2018.2, there is Stored Cross-Site Scripting via a User Profile. | |||||
| CVE-2018-9121 | 1 Crea8social | 1 Crea8social | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment. | |||||