Total
26605 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19649 | 1 Infovista | 1 Vistaportal | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). VPortal/mgtconsole/RolePermissions.jsp has reflected XSS via the ConnPoolName parameter. | |||||
| CVE-2018-1002003 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. | |||||
| CVE-2019-8953 | 1 Netgate | 1 Haproxy | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php. | |||||
| CVE-2018-1000416 | 1 Jobconfighistory Project | 1 Jobconfighistory | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access. | |||||
| CVE-2018-20590 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID. | |||||
| CVE-2018-1002008 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable. | |||||
| CVE-2018-20676 | 1 Getbootstrap | 1 Bootstrap | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. | |||||
| CVE-2018-18259 | 1 Luya | 1 Luya Cms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/create-page. | |||||
| CVE-2017-18358 | 1 Limesurvey | 1 Limesurvey | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| LimeSurvey before 2.72.4 has Stored XSS by using the Continue Later (aka Resume later) feature to enter an email address, which is mishandled in the admin panel. | |||||
| CVE-2019-1655 | 1 Cisco | 1 Webex Meetings Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2018-12310 | 1 Asustor | 2 As602t, Data Master | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature. | |||||
| CVE-2018-1000998 | 1 Freebsd | 1 Cvsweb | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x. | |||||
| CVE-2018-19772 | 1 Infovista | 1 Vistaportal | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPresentSpace.jsp" has reflected XSS via the ConnPoolName, GroupId, and ParentId parameters. | |||||
| CVE-2017-17541 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature. | |||||
| CVE-2018-7090 | 1 Hp | 1 Xp 9000 Command View | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| HPE XP P9000 Command View Advanced Edition Software (CVAE) has local and remote cross site scripting vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr. | |||||
| CVE-2018-18082 | 1 Bijiadao | 1 Waimai Super Cms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI. | |||||
| CVE-2018-17061 | 1 Bullguard | 1 Safe Browsing | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| BullGuard Safe Browsing before 18.1.355.9 allows XSS on Google, Bing, and Yahoo! pages via domains indexed in search results. | |||||
| CVE-2017-15515 | 1 Netapp | 1 Snapcenter Server | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field. | |||||
| CVE-2018-19289 | 1 Valine.js | 1 Valine | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file. | |||||
| CVE-2018-17062 | 1 Seacms | 1 Seacms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter. | |||||