Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19693 | 1 Tp5cms Project | 1 Tp5cms | 2018-12-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the title parameter. | |||||
| CVE-2018-19785 | 1 Php-proxy | 1 Php-proxy | 2018-12-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php. | |||||
| CVE-2018-19527 | 1 I4 | 1 Ai Si Assistant | 2018-12-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings. | |||||
| CVE-2018-0716 | 1 Qnap | 1 Qts | 2018-12-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application. | |||||
| CVE-2018-13323 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2018-12-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie. | |||||
| CVE-2018-19794 | 1 Internet2 | 1 Grouper | 2018-12-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in UiV2Public.index in Internet2 Grouper 2.2 and 2.3 allows remote attackers to inject arbitrary web script or HTML via the code parameter. | |||||
| CVE-2018-13022 | 1 Mi | 2 Mi Router 3, Miwifi Os | 2018-12-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path. | |||||
| CVE-2018-18642 | 1 Gitlab | 1 Gitlab | 2018-12-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS. | |||||
| CVE-2018-19892 | 1 Domainmod | 1 Domainmod | 2018-12-21 | 3.5 LOW | 4.8 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field. | |||||
| CVE-2018-19749 | 1 Domainmod | 1 Domainmod | 2018-12-21 | 3.5 LOW | 4.8 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field. | |||||
| CVE-2018-19751 | 1 Domainmod | 1 Domainmod | 2018-12-21 | 3.5 LOW | 4.8 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields. | |||||
| CVE-2018-19752 | 1 Domainmod | 1 Domainmod | 2018-12-21 | 3.5 LOW | 4.8 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar. | |||||
| CVE-2018-19913 | 1 Domainmod | 1 Domainmod | 2018-12-21 | 3.5 LOW | 4.8 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field. | |||||
| CVE-2018-12310 | 1 Asustor | 2 As602t, Data Master | 2018-12-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature. | |||||
| CVE-2018-12311 | 1 Asustor | 2 As602t, Data Master | 2018-12-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename. | |||||
| CVE-2018-12305 | 1 Asustor | 1 Data Master | 2018-12-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript. | |||||
| CVE-2018-13360 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter. | |||||
| CVE-2018-14704 | 1 Drobo | 2 5n2, 5n2 Firmware | 2018-12-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path. | |||||
| CVE-2018-13317 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2018-12-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm. | |||||
| CVE-2018-13331 | 1 Terra-master | 1 Terramaster Operating System | 2018-12-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames. | |||||