Total
26831 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-12981 | 1 Wago | 8 762-3000, 762-3000 Firmware, 762-3001 and 5 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending specially crafted requests to the web server, allowing code to be injected within the WBM. The code will be rendered and/or executed in the user's browser. | |||||
CVE-2018-14605 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit. | |||||
CVE-2016-4392 | 1 Hp | 1 Business Service Management | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1. | |||||
CVE-2018-14396 | 1 Cremecrm | 1 Cremecrm | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. | |||||
CVE-2018-19822 | 1 Infovista | 1 Vistaportal | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SharedCriteria.jsp" has reflected XSS via the ConnPoolName or GroupId parameter. | |||||
CVE-2018-17949 | 1 Microfocus | 1 Imanager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross site scripting vulnerability in iManager prior to 3.1 SP2. | |||||
CVE-2018-10937 | 1 Redhat | 1 Openshift Container Platform | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim. | |||||
CVE-2018-19547 | 1 Jtbc | 1 Jtbc Php | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter. | |||||
CVE-2015-9279 | 1 Mailenable | 1 Mailenable | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message. | |||||
CVE-2018-17077 | 1 Yiqicms Project | 1 Yiqicms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed. | |||||
CVE-2018-18736 | 1 Catfish-cms | 1 Catfish Blog | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
An XSS issue was discovered in catfish blog 2.0.33, related to "write source code." | |||||
CVE-2018-17574 | 1 Ymfe | 1 Yapi | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project. | |||||
CVE-2018-13359 | 1 Terra-master | 1 Terramaster Operating System | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter. | |||||
CVE-2019-1661 | 1 Cisco | 1 Telepresence Management Suite | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. | |||||
CVE-2018-19340 | 1 Guriddo | 1 Form Php | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter. | |||||
CVE-2018-16235 | 1 Telligent | 1 Community | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Telligent Community 6.x, 7.x, 8.x, 9.x before 9.2.10.11796, 10.1.x before 10.1.10.11792, and 10.2.x before 10.2.3.4725 has XSS via the Feed RSS widget. | |||||
CVE-2018-1772 | 1 Ibm | 1 Spss Analytic Server | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM SPSS Analytic Server 3.1.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148689. | |||||
CVE-2018-19301 | 1 Tp4a | 1 Teleport | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log. | |||||
CVE-2018-16978 | 1 Monstra | 1 Monstra | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Monstra CMS V3.0.4 has XSS when one tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473. | |||||
CVE-2018-0652 | 1 Weseek | 1 Growi | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page. |