Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15313 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. | |||||
| CVE-2018-15703 | 1 Advantech | 1 Webaccess | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser. | |||||
| CVE-2018-18578 | 1 Dedecms | 1 Dedecms | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. | |||||
| CVE-2018-18782 | 1 Dedecms | 1 Dedecms | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter. | |||||
| CVE-2018-18781 | 1 Dedecms | 1 Dedecms | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter. | |||||
| CVE-2018-18579 | 1 Dedecms | 1 Dedecms | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter. | |||||
| CVE-2018-18361 | 1 Nconsulting | 1 Nc-cms | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a value beginning with home_content and containing a crafted SRC attribute of an IMG element. | |||||
| CVE-2018-15312 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an authenticated user to execute JavaScript for the currently logged-in user. | |||||
| CVE-2018-18372 | 1 Kaasoft | 1 Library Cms | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Stored XSS vulnerability has been discovered in KAASoft Library CMS - Powerful Book Management System 2.1.1 via the /admin/book/create/ title parameter. | |||||
| CVE-2014-6071 | 1 Jquery | 1 Jquery | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after. | |||||
| CVE-2018-17964 | 1 Aryanic | 1 Highportal | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Aryanic HighPortal 12.5 has XSS via an Add Tags action. | |||||
| CVE-2018-15969 | 1 Adobe | 1 Experience Manager | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-15970 | 1 Adobe | 1 Experience Manager | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-15971 | 1 Adobe | 1 Experience Manager | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-15972 | 1 Adobe | 1 Experience Manager | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-15973 | 1 Adobe | 1 Experience Manager | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-18460 | 1 Wp-livechat | 1 Wp Live Chat Support | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request. | |||||
| CVE-2018-15538 | 1 Agentejo | 1 Cockpit | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities. | |||||
| CVE-2018-17533 | 1 Teltonika | 6 Rut900, Rut900 Firmware, Rut950 and 3 more | 2018-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization. | |||||
| CVE-2018-18431 | 1 Destoon | 1 Destoon B2b | 2018-11-29 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI. | |||||