Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-16619 | 1 Sonatype | 1 Nexus Repository Manager | 2018-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Sonatype Nexus Repository Manager before 3.14 allows XSS. | |||||
CVE-2018-19340 | 1 Guriddo | 1 Form Php | 2018-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter. | |||||
CVE-2018-0695 | 1 Usvn | 1 Usvn | 2018-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in User-friendly SVN (USVN) Version 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-19189 | 1 Amazon | 1 Payfort-php-sdk | 2018-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in an error.php echo statement. | |||||
CVE-2018-19190 | 1 Amazon | 1 Payfort-php-sdk | 2018-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php error_msg parameter. | |||||
CVE-2018-19186 | 1 Amazon | 1 Payfort-php-sdk | 2018-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter. | |||||
CVE-2018-19187 | 1 Amazon | 1 Payfort-php-sdk | 2018-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement. | |||||
CVE-2018-19188 | 1 Amazon | 1 Payfort-php-sdk | 2018-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the success.php fort_id parameter. | |||||
CVE-2018-8600 | 1 Microsoft | 1 Azure App Service On Azure Stack | 2018-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-site Scripting (XSS) vulnerability exists when Azure App Services on Azure Stack does not properly sanitize user provided input, aka "Azure App Service Cross-site Scripting Vulnerability." This affects Azure App. | |||||
CVE-2018-19352 | 1 Jupyter | 1 Notebook | 2018-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely. | |||||
CVE-2018-19350 | 1 Seacms | 1 Seacms | 2018-12-17 | 3.5 LOW | 5.4 MEDIUM |
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element. | |||||
CVE-2018-0697 | 1 Metabase | 1 Metabase | 2018-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-0699 | 1 Hyuki | 1 Yukiwiki | 2018-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-14935 | 1 Polycom | 2 Trio 8500, Trio 8500 Firmware | 2018-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS. | |||||
CVE-2018-0687 | 1 Neo | 2 Debun Imap, Debun Pop | 2018-12-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-19287 | 1 Ninjaforma | 1 Ninja Forms | 2018-12-14 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter. | |||||
CVE-2018-6081 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Linux Desktop and 2 more | 2018-12-14 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page. | |||||
CVE-2018-8605 | 1 Microsoft | 1 Dynamics 365 | 2018-12-14 | 3.5 LOW | 5.4 MEDIUM |
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8606, CVE-2018-8607, CVE-2018-8608. | |||||
CVE-2018-8607 | 1 Microsoft | 1 Dynamics 365 | 2018-12-14 | 3.5 LOW | 5.4 MEDIUM |
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8608. | |||||
CVE-2018-8606 | 1 Microsoft | 1 Dynamics 365 | 2018-12-14 | 3.5 LOW | 5.4 MEDIUM |
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8607, CVE-2018-8608. |