Vulnerabilities (CVE)

Filtered by CWE-79
Total 21765 CVE
CVE | Vendors (count, names) | Products (count, names) | Updated | CVSS v2 | CVSS v3 (each entry is followed by its description)
CVE-2018-14698 1 Drobo 2 5n2, 5n2 Firmware 2018-12-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter.
CVE-2018-14697 1 Drobo 2 5n2, 5n2 Firmware 2018-12-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the username URL parameter.
CVE-2018-13357 1 Terra-master 1 Terramaster Operating System 2018-12-19 3.5 LOW 5.4 MEDIUM
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.
CVE-2018-16096 1 Lenovo 8 System Management Module Firmware, Thinkagile Hx Enclosure 7x81, Thinkagile Hx Enclosure 7y87 and 5 more 2018-12-19 4.3 MEDIUM 6.1 MEDIUM
In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting.
CVE-2018-13351 1 Terra-master 1 Terramaster Operating System 2018-12-19 3.5 LOW 4.8 MEDIUM
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form.
CVE-2018-13349 1 Terra-master 1 Terramaster Operating System 2018-12-19 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username.
CVE-2018-13335 1 Terra-master 1 Terramaster Operating System 2018-12-19 3.5 LOW 5.4 MEDIUM
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions.
CVE-2018-13333 1 Terra-master 1 Terramaster Operating System 2018-12-19 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.
CVE-2018-13329 1 Terra-master 1 Terramaster Operating System 2018-12-19 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter.
CVE-2018-13334 1 Terra-master 1 Terramaster Operating System 2018-12-19 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter.
CVE-2018-13312 1 Totolink 2 A3002ru, A3002ru Firmware 2018-12-19 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field.
CVE-2018-13308 1 Totolink 2 A3002ru, A3002ru Firmware 2018-12-19 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field.
CVE-2018-13309 1 Totolink 2 A3002ru, A3002ru Firmware 2018-12-19 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password.
CVE-2018-13310 1 Totolink 2 A3002ru, A3002ru Firmware 2018-12-19 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username.
CVE-2018-6076 3 Debian, Google, Redhat 5 Debian Linux, Chrome, Linux Desktop and 2 more 2018-12-19 4.3 MEDIUM 6.1 MEDIUM
Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page.
CVE-2018-19469 1 Articlecms Project 1 Articlecms 2018-12-19 4.3 MEDIUM 6.1 MEDIUM
ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter.
CVE-2018-19547 1 Jtbc 1 Jtbc Php 2018-12-19 4.3 MEDIUM 6.1 MEDIUM
JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter.
CVE-2018-19564 1 Goldplugins 1 Easy Testimonials 2018-12-18 4.3 MEDIUM 6.1 MEDIUM
Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting.
CVE-2018-19433 1 Showdoc 1 Showdoc 2018-12-18 4.3 MEDIUM 6.1 MEDIUM
ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value.
CVE-2018-19324 1 Kimsq 1 Rb 2018-12-17 3.5 LOW 5.4 MEDIUM
kimsQ Rb 2.3.0 allows XSS via the second input field to the /?r=home&mod=mypage&page=info URI.