Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20212 | 1 Twiki | 1 Twiki | 2019-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via the webs parameter. | |||||
CVE-2018-20140 | 1 Zenphoto | 1 Zenphoto | 2019-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters. | |||||
CVE-2018-20632 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2019-03-21 | 3.5 LOW | 5.4 MEDIUM |
PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field. | |||||
CVE-2018-16519 | 1 Coyoapp | 1 Coyo | 2019-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
COYO 9.0.8, 10.0.11 and 12.0.4 have cross-site scripting (XSS) via URLs used by "iFrame" widgets. | |||||
CVE-2018-20121 | 1 Podcastgenerator | 1 Podcast Generator | 2019-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter. | |||||
CVE-2018-12638 | 1 Bose | 1 Soundtouch | 2019-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app. | |||||
CVE-2018-19509 | 1 Ens | 1 Webgalamb | 2019-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS. | |||||
CVE-2018-19191 | 1 Webmin | 1 Webmin | 2019-03-21 | 3.5 LOW | 5.4 MEDIUM |
Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter. | |||||
CVE-2018-1763 | 1 Ibm | 1 Rational Quality Manager | 2019-03-21 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148617. | |||||
CVE-2018-1764 | 1 Ibm | 1 Rational Quality Manager | 2019-03-21 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148618. | |||||
CVE-2018-1759 | 1 Ibm | 1 Rational Quality Manager | 2019-03-21 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148613. | |||||
CVE-2017-1000015 | 1 Phpmyadmin | 1 Phpmyadmin | 2019-03-20 | 4.3 MEDIUM | 6.1 MEDIUM |
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters. | |||||
CVE-2018-11343 | 1 Asustor | 1 Soundsgood | 2019-03-20 | 3.5 LOW | 5.4 MEDIUM |
A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter. | |||||
CVE-2017-8550 | 1 Microsoft | 1 Office | 2019-03-19 | 4.3 MEDIUM | 5.4 MEDIUM |
A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability". | |||||
CVE-2017-7985 | 1 Joomla | 1 Joomla! | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. | |||||
CVE-2017-6562 | 1 Agora-project | 1 Agora-project | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack. | |||||
CVE-2017-6561 | 1 Agora-project | 1 Agora-project | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack. | |||||
CVE-2017-6559 | 1 Agora-project | 1 Agora-project | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack. | |||||
CVE-2019-6229 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
CVE-2017-8551 | 1 Microsoft | 1 Project Server | 2019-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize specially crafted requests, aka "Microsoft SharePoint XSS vulnerability". |