Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18430 | 1 Destoon | 1 Destoon B2b | 2018-11-29 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI. | |||||
| CVE-2018-18433 | 1 Destoon | 1 Destoon B2b | 2018-11-29 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has XSS via the category[catname] parameter to the admin.php URI. | |||||
| CVE-2012-0587 | 1 Apple | 1 Iphone Os | 2018-11-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588, and CVE-2012-0589. | |||||
| CVE-2012-0588 | 1 Apple | 1 Iphone Os | 2018-11-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0589. | |||||
| CVE-2012-0589 | 1 Apple | 1 Iphone Os | 2018-11-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588. | |||||
| CVE-2012-0590 | 1 Apple | 1 Iphone Os | 2018-11-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation. | |||||
| CVE-2012-0586 | 1 Apple | 1 Iphone Os | 2018-11-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588, and CVE-2012-0589. | |||||
| CVE-2017-5934 | 4 Canonical, Debian, Moinmo and 1 more | 4 Ubuntu Linux, Debian Linux, Moinmoin and 1 more | 2018-11-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-11558 | 1 Domainmod | 1 Domainmod | 2018-11-29 | 3.5 LOW | 5.4 MEDIUM |
| DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter. | |||||
| CVE-2018-11559 | 1 Domainmod | 1 Domainmod | 2018-11-29 | 3.5 LOW | 5.4 MEDIUM |
| DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter. | |||||
| CVE-2018-17337 | 1 Intelbras | 2 Nplug, Nplug Firmware | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast. | |||||
| CVE-2018-18270 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | |||||
| CVE-2018-18282 | 1 Zeit | 1 Next.js | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. | |||||
| CVE-2018-18296 | 1 Metinfo | 1 Metinfo | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action. | |||||
| CVE-2018-18259 | 1 Luya | 1 Luya Cms | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/create-page. | |||||
| CVE-2018-18271 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | |||||
| CVE-2018-18062 | 1 Tecrail | 1 Responsive Filemanager | 2018-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-18374 | 1 Metinfo | 1 Metinfo | 2018-11-27 | 3.5 LOW | 5.4 MEDIUM |
| XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter. | |||||
| CVE-2018-8488 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2018-11-27 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8498, CVE-2018-8518. | |||||
| CVE-2018-18208 | 1 Virtualmin | 1 Virtualmin | 2018-11-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Virtualmin 6.03 allows XSS via the query string, as demonstrated by the webmin_search.cgi URI. | |||||