Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15903 | 1 Claromentis | 1 Claromentis | 2018-11-26 | 3.5 LOW | 5.4 MEDIUM |
| The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored Cross Site Scripting (XSS). An authenticated attacker will be able to place malicious JavaScript in the discussion forum, which is present in the login landing page. A low privilege user can use this to steal the session cookies from high privilege accounts and hijack these, enabling them to hijack the elevated session and perform actions in their security context. | |||||
| CVE-2018-2470 | 1 Sap | 1 Netweaver | 2018-11-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-18087 | 1 Bixie | 1 Portfolio | 2018-11-23 | 3.5 LOW | 5.4 MEDIUM |
| The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/${project_title}. | |||||
| CVE-2018-2472 | 1 Sap | 1 Businessobjects Bi Platform | 2018-11-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-2479 | 1 Sap | 1 Businessobjects Bi Platform | 2018-11-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2016-4003 | 1 Apache | 1 Struts | 2018-11-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter. | |||||
| CVE-2015-5169 | 1 Apache | 1 Struts | 2018-11-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20. | |||||
| CVE-2018-17443 | 1 D-link | 1 Central Wifimanager | 2018-11-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS. | |||||
| CVE-2018-18069 | 1 Wpml | 1 Wpml | 2018-11-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php. | |||||
| CVE-2018-2466 | 1 Sap | 1 Data Services | 2018-11-23 | 3.5 LOW | 5.4 MEDIUM |
| In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-18029 | 1 Naviwebs | 1 Navigate Cms | 2018-11-23 | 3.5 LOW | 5.4 MEDIUM |
| Navigate CMS has Stored XSS via the navigate.php Title field in an edit action. | |||||
| CVE-2018-18082 | 1 Bijiadao | 1 Waimai Super Cms | 2018-11-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI. | |||||
| CVE-2018-18198 | 1 Redaxo | 1 Redaxo | 2018-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request. | |||||
| CVE-2018-17441 | 1 D-link | 1 Central Wifimanager | 2018-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS. | |||||
| CVE-2018-18199 | 1 Redaxo | 1 Redaxo | 2018-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mediamanager in REDAXO before 5.6.4 has XSS. | |||||
| CVE-2018-18210 | 1 Dilicms | 1 Dilicms | 2018-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter. | |||||
| CVE-2018-18209 | 1 Dilicms | 1 Dilicms | 2018-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter. | |||||
| CVE-2018-18307 | 1 Alchemy-cms | 1 Alchemy Cms | 2018-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. | |||||
| CVE-2018-0657 | 2 Ec-cube, Gmo-pg | 3 Ec-cube, Ec-cube Payment Module, Gmo-pg Payment Module | 2018-11-20 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier) allow an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-2420 | 1 Microsoft | 1 System Center Operations Manager | 2018-11-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "System Center Operations Manager Web Console XSS Vulnerability." | |||||