Total: 26605 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-15678 | 1 Btiteam | 1 Xbtit | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting. | |||||
CVE-2018-15677 | 1 Btiteam | 1 Xbtit | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF. | |||||
CVE-2018-2486 | 1 Sap | 2 Marketing Sapscore, Marketing Uicuan | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2018-20663 | 1 Haulmont | 2 Cuba Platform, Reporting | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports > Reports" name field. | |||||
CVE-2018-15400 | 1 Cisco | 2 Cloud Services Platform 2100, Cloud Services Platform 2100 Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. | |||||
CVE-2018-16775 | 1 Victor Cms Project | 1 Victor Cms | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the "Categories" menu. | |||||
CVE-2018-17835 | 1 Get-simple | 1 Getsimple Cms | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI. | |||||
CVE-2019-7744 | 1 Joomla | 1 Joomla! | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability. | |||||
CVE-2018-18733 | 1 Catfish-cms | 1 Catfish Cms | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue to CVE-2018-13999. | |||||
CVE-2019-3911 | 1 Labkey | 1 Labkey Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary JavaScript via the onerror parameter in the /__r2/query endpoints. | |||||
CVE-2018-1246 | 1 Dell | 2 Emc Unity Operating Environment, Emc Unityvsa Operating Environment | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Dell EMC Unity and UnityVSA contain a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to Unisphere, which is then reflected back to the victim and executed by the web browser. | |||||
CVE-2018-1659 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144885. | |||||
CVE-2018-14631 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Moodle before versions 3.5.2, 3.4.5, and 3.3.8 insufficiently filters the blog search GET parameter in the Boost theme. The breadcrumb navigation provided by the Boost theme when displaying blog search results was insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter. | |||||
CVE-2019-8984 | 1 Altn | 1 Mdaemon | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2). | |||||
CVE-2018-16324 | 1 Icewarp | 1 Mail Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. | |||||
CVE-2018-13022 | 1 Mi | 2 Mi Router 3, Miwifi Os | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path. | |||||
CVE-2018-15970 | 1 Adobe | 1 Experience Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
CVE-2018-16199 | 1 Toshiba | 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier and Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows a remote attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-16730 | 1 Chshcms | 1 Cscms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. | |||||
CVE-2019-0262 | 1 Sap | 1 Businessobjects Bi Platform | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in a Cross-Site Scripting (XSS) vulnerability. |