Total: 26824 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-18740 | 1 Sem-cms | 1 Semcms | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
An XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMS_Link.php?lgid=1 URI. | |||||
CVE-2018-19750 | 1 Domainmod | 1 Domainmod | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields. | |||||
CVE-2018-19849 | 1 Yzmcms | 1 Yzmcms | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter. | |||||
CVE-2016-10736 | 1 Devpups | 1 Social Pug | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The "Social Pug - Easy Social Share Buttons" plugin before 1.2.6 for WordPress allows XSS via the wp-admin/admin.php?page=dpsp-toolkit dpsp_message_class parameter. | |||||
CVE-2018-2444 | 1 Sap | 1 Businessobjects Financial Consolidation | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2017-6913 | 1 Open-xchange | 1 Open-xchange Appsuite | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag. | |||||
CVE-2018-18362 | 1 Symantec | 1 Norton Password Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | |||||
CVE-2019-1642 | 1 Cisco | 1 Firepower Management Center | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
CVE-2019-4029 | 1 Ibm | 1 Sterling B2b Integrator | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 155907. | |||||
CVE-2018-14493 | 1 Opmantek | 1 Open-audit | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. | |||||
CVE-2018-10763 | 1 Synametrics | 1 Synaman | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page. | |||||
CVE-2018-0695 | 1 Usvn | 1 Usvn | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in User-friendly SVN (USVN) Version 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-18198 | 1 Redaxo | 1 Redaxo | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request. | |||||
CVE-2018-0715 | 1 Qnap | 1 Photo Station | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject JavaScript code in the compromised application. | |||||
CVE-2018-18551 | 1 Serverscheck | 1 Monitoring Software | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter, report_save.html query parameter, sensors.html location parameter, or group_delete.html group parameter. | |||||
CVE-2018-20778 | 1 Frog Cms Project | 1 Frog Cms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element. | |||||
CVE-2018-18642 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS. | |||||
CVE-2018-19769 | 1 Infovista | 1 Vistaportal | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "UserProperties.jsp" has reflected XSS via the ConnPoolName parameter. | |||||
CVE-2018-16729 | 1 Pluck-cms | 1 Pluck | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Pluck 4.7.7 allows XSS via an SVG file that contains JavaScript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files. | |||||
CVE-2018-19787 | 3 Canonical, Debian, Lxml | 3 Ubuntu Linux, Debian Linux, Lxml | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146. |