Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-16456 | 1 Phpscriptsmall | 1 Website Seller Script | 2018-11-20 | 4.3 MEDIUM | 6.1 MEDIUM |
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a keyword. NOTE: This may overlap with CVE-2018-6870 which has XSS via the Listings Search feature. | |||||
CVE-2018-16326 | 1 Phpscriptsmall | 1 Olx Clone | 2018-11-20 | 4.3 MEDIUM | 6.1 MEDIUM |
PHP Scripts Mall Olx Clone 3.4.2 has XSS. | |||||
CVE-2018-16453 | 1 Domain Lookup Script Project | 1 Domain Lookup Script | 2018-11-20 | 4.3 MEDIUM | 6.1 MEDIUM |
PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the search bar. | |||||
CVE-2018-16050 | 1 Gitlab | 1 Gitlab | 2018-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View. | |||||
CVE-2018-17849 | 1 Naviwebs | 1 Navigate Cms | 2018-11-19 | 3.5 LOW | 5.4 MEDIUM |
Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload. | |||||
CVE-2015-9273 | 1 Wp-slimstat | 1 Slimstat Analytics | 2018-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking. | |||||
CVE-2018-17946 | 1 Tribulant | 1 Slideshow Gallery | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter. | |||||
CVE-2018-17876 | 1 Web-feet | 1 Coaster Cms | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
A Stored XSS vulnerability has been discovered in the v5.5.0 version of the Coaster CMS product. | |||||
CVE-2018-17947 | 1 Atmist | 1 Snazzy Maps | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text or tab parameter. | |||||
CVE-2018-17886 | 1 Jeesns | 1 Jeesns | 2018-11-16 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a `<svg/onLoad=confirm` substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429. | |||||
CVE-2018-17596 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. | |||||
CVE-2018-17595 | 1 Fork-cms | 1 Fork Cms | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI. | |||||
CVE-2018-17868 | 1 Dasan | 2 H660gw, H660gw Firmware | 2018-11-16 | 3.5 LOW | 4.8 MEDIUM |
DASAN H660GW devices have Stored XSS in the Port Forwarding functionality. | |||||
CVE-2018-9081 | 1 Lenovo | 40 Ez Media & Backup Center, Ez Media & Backup Center Firmware, Ix2 and 37 more | 2018-11-16 | 2.6 LOW | 4.7 MEDIUM |
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file names used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting (self-XSS). As a result, adversaries can add files to shares accessible from the Content Viewer with a cross-site scripting payload in the file name, and wait for a user to try to rename the file for their payload to trigger. | |||||
CVE-2018-17884 | 1 Gwolle Guestbook Project | 1 Gwolle Guestbook | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php. | |||||
CVE-2018-12806 | 1 Adobe | 1 Experience Manager | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
CVE-2018-5005 | 1 Adobe | 1 Experience Manager | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
CVE-2018-11581 | 1 Brother | 4 Hl-l2340d, Hl-l2340d Firmware, Hl-l2380dw and 1 more | 2018-11-16 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html. | |||||
CVE-2018-18938 | 1 Wuzhicms | 1 Wuzhi Cms | 2018-11-16 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field. | |||||
CVE-2018-15365 | 1 Trendmicro | 1 Deep Discovery Inspector | 2018-11-16 | 3.5 LOW | 5.4 MEDIUM |
A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability. |