Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20680 | 1 Frog Cms Project | 1 Frog Cms | 2019-01-11 | 3.5 LOW | 4.8 MEDIUM |
Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. | |||||
CVE-2018-12672 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2019-01-11 | 3.5 LOW | 5.4 MEDIUM |
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was implemented, this vulnerability could be leveraged to perform actions on behalf of another user or the administrator. | |||||
CVE-2018-20372 | 1 Tp-link | 2 Td-w8961nd, Td-w8961nd Firmware | 2019-01-11 | 3.5 LOW | 5.4 MEDIUM |
TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client. | |||||
CVE-2018-1000629 | 1 Battelle | 1 V2i Hub | 2019-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or _login_username parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
CVE-2018-20464 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address. | |||||
CVE-2018-20454 | 1 74cms | 1 74cms | 2019-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a=resume_list has XSS via the key parameter. | |||||
CVE-2019-5311 | 1 Yunucms | 1 Yunucms | 2019-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability via the index.php/index/show/index cw parameter. | |||||
CVE-2019-5310 | 1 Yunucms | 1 Yunucms | 2019-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request. | |||||
CVE-2018-7355 | 1 Zte | 4 Mf65, Mf65 Firmware, Mf65m1 and 1 more | 2019-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices. | |||||
CVE-2018-20302 | 1 Emetrotel | 1 Xain | 2019-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the order parameter. | |||||
CVE-2018-20611 | 1 Txjia | 1 Imcat | 2019-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
imcat 4.4 allows XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. | |||||
CVE-2018-20589 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2019-01-09 | 3.5 LOW | 4.8 MEDIUM |
Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID. | |||||
CVE-2018-20370 | 1 The-sz | 1 Netchat | 2019-01-09 | 3.5 LOW | 5.4 MEDIUM |
SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend. | |||||
CVE-2018-20351 | 1 Evernote | 1 Evernote | 2019-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
The Markdown component in Evernote (Chinese) before 8.3.2 on macOS allows stored XSS, aka MAC-832. | |||||
CVE-2018-20462 | 1 Jsmol2wp Project | 1 Jsmol2wp | 2019-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter. | |||||
CVE-2018-12651 | 1 Myadrenalin | 1 Human Resource Management Software | 2019-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the ShiftEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter. | |||||
CVE-2018-1000860 | 1 Phpipam | 1 Phpipam | 2019-01-08 | 2.6 LOW | 4.7 MEDIUM |
phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability: the value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'><script>alert(1)</script>quqtl exploits an XSS vulnerability that can result in arbitrary code executing in the victim's browser. This attack appears to be exploitable but needs to be chained with another exploit that allows an attacker to set or modify a cookie for the phpIPAM instance's domain. | |||||
CVE-2018-1000870 | 1 Phpipam | 1 Phpipam | 2019-01-08 | 3.5 LOW | 5.4 MEDIUM |
PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in code execution in the victim's browser. This attack appears to be exploitable when an attacker changes the theme parameter in user settings; an admin (the victim) then views the user in the admin panel and gets exploited. This vulnerability appears to have been fixed in 1.4. | |||||
CVE-2018-20520 | 1 1234n | 1 Minicms | 2019-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233. | |||||
CVE-2018-0723 | 1 Qnap | 1 Q'center Virtual Appliance | 2019-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0724. |