Total: 26831 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-5550 | 1 Epson | 1 Airprint | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | Versions of Epson AirPrint released prior to January 19, 2018 contain a reflective cross-site scripting (XSS) vulnerability, which can allow untrusted users on the network to hijack a session cookie or perform other reflected XSS attacks on a currently logged-on user. |
| CVE-2018-13252 | 1 Entrustdatacard | 1 Syntera Customization Suite | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page. |
| CVE-2018-7997 | 1 Eramba | 1 Eramba | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the `/importTool/preview` URI, with a CSV file polluted with malicious JavaScript. |
| CVE-2017-9276 | 1 Netiq | 1 Access Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the `a` parameter. |
| CVE-2018-5307 | 1 Sonatype | 1 Nexus Repository Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the `repoId` or (2) `format` parameter to `service/siesta/healthcheck/healthCheckFileDetail/.../index.html`; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality. |
| CVE-2018-12043 | 1 Getsymphony | 1 Symphony | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | `content/content.blueprintspages.php` in Symphony 2.7.6 has XSS via the pages content page. |
| CVE-2017-15092 | 1 Powerdns | 1 Recursor | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and JavaScript code into the web interface, altering the content. |
| CVE-2017-18086 | 1 Atlassian | 1 Confluence | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the `issuesURL` parameter. |
| CVE-2018-5521 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS. |
| CVE-2018-9844 | 1 Iptanus | 1 Wordpress File Upload | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS. |
| CVE-2018-6362 | 1 Ehcp | 1 Easy Hosting Control Panel | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the `domainop` action parameter, as demonstrated by reading the `PHPSESSID` cookie. |
| CVE-2018-3764 | 1 Nextcloud | 1 Contacts | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM | In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins. |
| CVE-2017-6927 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 have a `Drupal.checkPlain()` JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through Twig autoescaping). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected. |
| CVE-2018-3755 | 1 Sexstatic Project | 1 Sexstatic | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s), leading to Stored XSS when a malicious file is embedded with an `<iframe>` element used in a directory name. |
| CVE-2018-8948 | 1 Misp-project | 1 Misp | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | In MISP before 2.4.89, `app/View/Events/resolved_attributes.ctp` has multiple XSS issues via a malicious MISP module. |
| CVE-2018-7280 | 1 Ninjaforms | 1 Ninja Forms | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | The Ninja Forms plugin before 3.2.14 for WordPress has XSS. |
| CVE-2018-1000113 | 1 Jenkins | 1 Testlink | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM | A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in `TestLinkBuildAction/summary.jelly` and others that allows an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript. |
| CVE-2017-5536 | 1 Tibco | 1 Datasynapse Gridserver Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM | The GridServer Broker and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0. |
| CVE-2018-12657 | 1 Slims Akasia Project | 1 Slims Akasia | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an `admin/modules/master_file/rda_cmc.php?keywords=` URI. |
| CVE-2017-5124 | 2 Debian, Google | 2 Debian Linux, Chrome | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page. |
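Nearly every entry in this table has the same root cause: attacker-controlled text (a DNS qname, a username, a URL parameter, a directory name) is concatenated into HTML without being escaped for the context it lands in. The block below is an added example, not code from PowerDNS, Drupal or any other listed project; it models the PowerDNS Recursor case (a query name rendered into a status page) with a constructed page layout, constructed function names and constructed payloads. It contrasts the unescaped rendering with a partial fix that escapes only tag delimiters (safe in element text, still injectable inside an attribute value) and a complete fix that escapes quotes as well.

```javascript
// Added example, not code from any project listed above. The row layout,
// function names and payloads are constructed for illustration.

// Complete HTML escaper: safe for element text and for quoted attribute
// values, because it also neutralises both quote characters.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Incomplete escaper: handles tag delimiters only. Safe inside element
// text, unsafe inside an attribute value because the quote is never escaped.
function escapeTagsOnly(s) {
  return String(s).replace(/[&<>]/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
  }[c]));
}

// Vulnerable: the qname is interpolated straight into the markup.
function renderQueryRowUnsafe(qname) {
  return `<tr><td>${qname}</td><td><a href="?q=${qname}">lookup</a></td></tr>`;
}

// Partial fix: element text is escaped, but the href attribute can still be
// broken out of with a double quote.
function renderQueryRowPartial(qname) {
  const e = escapeTagsOnly(qname);
  return `<tr><td>${e}</td><td><a href="?q=${e}">lookup</a></td></tr>`;
}

// Fix: every interpolation escaped, and attribute values always quoted, so
// one escaper covers both positions.
function renderQueryRowSafe(qname) {
  const e = escapeHtml(qname);
  return `<tr><td>${e}</td><td><a href="?q=${e}">lookup</a></td></tr>`;
}

// Crude detector for the two constructed payloads: a live <script> tag or a
// closed attribute followed by an injected event handler.
function containsInjection(html) {
  return /<script\b/i.test(html) || /" onmouseover=/i.test(html);
}

// Constructed payloads. DNS labels are arbitrary octets on the wire (RFC
// 2181), so a resolver's web UI cannot assume hostname-only characters.
const TAG_PAYLOAD = 'x<script>alert(document.cookie)</script>.example';
const ATTR_PAYLOAD = 'x" onmouseover="alert(1)';

// Runs each renderer against each payload and reports whether the markup
// still carries an injection.
function demo() {
  return {
    unsafeTag: containsInjection(renderQueryRowUnsafe(TAG_PAYLOAD)),
    partialTag: containsInjection(renderQueryRowPartial(TAG_PAYLOAD)),
    partialAttr: containsInjection(renderQueryRowPartial(ATTR_PAYLOAD)),
    safeTag: containsInjection(renderQueryRowSafe(TAG_PAYLOAD)),
    safeAttr: containsInjection(renderQueryRowSafe(ATTR_PAYLOAD)),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

The partial escaper is the pattern to look for when auditing a fix for any of the entries above: a patch that adds `&lt;`/`&gt;` replacement to a template will close the reported proof of concept while leaving every attribute, URL and inline-script context open. Escaping has to match the output context, and unquoted attributes are never safe with this approach.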