Total
26560 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0719 | 1 Qnap | 1 Qts | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710. | |||||
| CVE-2018-10569 | 1 Edimax | 2 Edimax Ew-7438rpn V2 Firmware, Ew-7438rpn Mini V2 | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. There is XSS in an SSID field. | |||||
| CVE-2018-1000816 | 1 Grafana | 1 Grafana | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where the payload was previously inserted.. | |||||
| CVE-2018-14904 | 1 Samsung | 1 Syncthru Web Service | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid. | |||||
| CVE-2018-13334 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter. | |||||
| CVE-2018-19564 | 1 Goldplugins | 1 Easy Testimonials | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting. | |||||
| CVE-2019-7340 | 1 Zoneminder | 1 Zoneminder | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted. | |||||
| CVE-2018-19922 | 1 Actiontec | 2 C1000a, C1000a Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request. | |||||
| CVE-2018-19469 | 1 Articlecms Project | 1 Articlecms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter. | |||||
| CVE-2018-18622 | 1 Bijiadao | 1 Waimai Super Cms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public&a=doregister username parameter. | |||||
| CVE-2018-0655 | 1 Weseek | 1 Growi | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page. | |||||
| CVE-2018-15567 | 1 Cmsuno Project | 1 Cmsuno | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| CMSUno before 1.5.3 has XSS via the title field. | |||||
| CVE-2018-15393 | 1 Cisco | 1 Content Security Management Appliance | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2018-9281 | 1 Eaton | 2 9px Ups, 9px Ups Firmware | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable to Reflected Cross-Site Scripting vulnerabilities. This flaw could be triggered by driving an administrator logged into the Eaton application to a specially crafted web page. This attack could be done silently. | |||||
| CVE-2019-9078 | 1 Zzcms | 1 Zzcms | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT. | |||||
| CVE-2018-17044 | 1 Yzmcms | 1 Yzmcms | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter. | |||||
| CVE-2018-17316 | 1 Ricoh | 2 Mp C6003, Mp C6003 Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-0400 | 1 Cisco | 2 Unified Contact Center Express, Unified Ip Interactive Voice Response | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70904. | |||||
| CVE-2019-1677 | 1 Cisco | 1 Webex Meetings | 2023-12-10 | 1.9 LOW | 4.6 MEDIUM |
| A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerability by sending a malicious request to the Webex Meetings application through an intent. A successful exploit could allow the attacker to execute script code in the context of the Webex Meetings application. Versions prior to 11.7.0.236 are affected. | |||||
| CVE-2018-20756 | 1 Modx | 1 Modx Revolution | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs. | |||||