Total
26824 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15903 | 1 Claromentis | 1 Claromentis | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored Cross Site Scripting (XSS). An authenticated attacker will be able to place malicious JavaScript in the discussion forum, which is present in the login landing page. A low privilege user can use this to steal the session cookies from high privilege accounts and hijack these, enabling them to hijack the elevated session and perform actions in their security context. | |||||
| CVE-2019-7740 | 1 Joomla | 1 Joomla\! | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector. | |||||
| CVE-2018-17571 | 1 Vanillaforums | 1 Vanilla | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vanilla before 2.6.1 allows XSS via the email field of a profile. | |||||
| CVE-2018-8607 | 1 Microsoft | 1 Dynamics 365 | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8608. | |||||
| CVE-2018-16298 | 1 1234n | 1 Minicms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php?tag= XSS vulnerability for a state=delete, state=draft, or state=publish request. | |||||
| CVE-2019-7337 | 1 Zoneminder | 1 Zoneminder | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration. | |||||
| CVE-2018-1604 | 1 Ibm | 1 Rational Quality Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 143794. | |||||
| CVE-2018-19915 | 1 Domainmod | 1 Domainmod | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field. | |||||
| CVE-2018-16471 | 2 Debian, Rack Project | 2 Debian Linux, Rack | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable. | |||||
| CVE-2018-1706 | 1 Ibm | 1 Spectrum Symphony | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 146341. | |||||
| CVE-2018-15435 | 1 Cisco | 1 Socialminer | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. | |||||
| CVE-2013-0592 | 1 Ibm | 1 Inotes | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 83815. | |||||
| CVE-2019-9107 | 1 Wuzhicms | 1 Wuzhi Cms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php. | |||||
| CVE-2018-14037 | 1 Progress | 1 Kendo Ui | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload gets executed. Furthermore, if the payload is reflected at any other resource that does rely on the sanitisation of the editor itself, the JavaScript payload will be executed in the context of the application. This allows attackers (in the worst case) to take over user sessions. | |||||
| CVE-2018-14698 | 1 Drobo | 2 5n2, 5n2 Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter. | |||||
| CVE-2019-8410 | 1 Maccms | 1 Maccms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key). | |||||
| CVE-2018-18715 | 1 Zohocorp | 1 Manageengine Opmanager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. | |||||
| CVE-2018-20172 | 1 Nagios | 1 Nagios Xi | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Nagios XI before 5.5.8. The rss_url parameter of rss_dashlet/magpierss/scripts/magpie_slashbox.php is not filtered, resulting in an XSS vulnerability. | |||||
| CVE-2018-17049 | 1 Cqu Lankers Project | 1 Cqu Lankers | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback parameter in an uploadpic action. | |||||
| CVE-2019-7332 | 1 Zoneminder | 1 Zoneminder | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'eid' (aka Event ID) parameter value in the view download (download.php) because proper filtration is omitted. | |||||