Total
26521 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20756 | 1 Modx | 1 Modx Revolution | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs. | |||||
CVE-2018-17309 | 1 Ricoh | 2 Mp C406z, Mp C406zspf Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
CVE-2018-17082 | 3 Debian, Netapp, Php | 3 Debian Linux, Storage Automation Store, Php | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. | |||||
CVE-2019-7295 | 1 Typora | 1 Typora | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula. | |||||
CVE-2018-20232 | 1 Atlassian | 2 Jira, Jira Server | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the rendering of content retrieved from a URL location that could be manipulated by the up_projectid widget preference setting. | |||||
CVE-2018-19527 | 1 I4 | 1 Ai Si Assistant | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings. | |||||
CVE-2018-18635 | 1 Mailcleaner | 1 Mailcleaner | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO. | |||||
CVE-2018-15596 | 1 Mybb | 1 Mybb | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles (within title elements of the generated XML documents) aren't sanitized, leading to XSS. | |||||
CVE-2017-15125 | 1 Redhat | 1 Cloudforms Management Engine | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that CSP (Content Security Policy) prevents exploitation of this XSS; however, not all browsers support CSP. | |||||
CVE-2018-15969 | 1 Adobe | 1 Experience Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
CVE-2018-18739 | 1 Sem-cms | 1 Semcms | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Products.php?lgid=1 Keywords field. | |||||
CVE-2018-1422 | 1 Ibm | 1 Rational Doors Next Generation | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.5) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139025. | |||||
CVE-2018-15602 | 1 Zyxel | 2 Vmg3312 B10b, Vmg3312 B10b Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter. | |||||
CVE-2018-1002006 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14 via the POST request variable classes. | |||||
CVE-2018-18741 | 1 Sem-cms | 1 Semcms | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Download.php?lgid=1 during editing. | |||||
CVE-2018-1404 | 1 Ibm | 1 Rational Quality Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138440. | |||||
CVE-2018-1000219 | 1 Open-emr | 1 Openemr | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in the 'scan' parameter in line #41 of interface/fax/fax_view.php that could allow remote authenticated attackers to inject arbitrary web script or HTML. This attack appears to be exploitable when the victim visits a specially crafted URL. | |||||
CVE-2015-9276 | 1 Smartertools | 1 Smartermail | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password. | |||||
CVE-2018-1967 | 1 Ibm | 1 Security Identity Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153748. | |||||
CVE-2016-8639 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface. |