Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18939 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2018-11-15 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field. | |||||
| CVE-2018-17835 | 1 Get-simple | 1 Getsimple Cms | 2018-11-15 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI. | |||||
| CVE-2018-17587 | 1 Airties | 2 Air 5750, Air 5750 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17830 | 1 Redaxo | 1 Redaxo | 2018-11-15 | 3.5 LOW | 5.4 MEDIUM |
| The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring. | |||||
| CVE-2018-17589 | 1 Airties | 2 Air 5650, Air 5650 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17588 | 1 Airties | 2 Air 5021, Air 5021 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17593 | 1 Airties | 2 Air 5453, Air 5453 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17590 | 1 Airties | 2 Air 5442, Air 5442 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17591 | 1 Airties | 2 Air 5343v2, Air 5343v2 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2018-17594 | 1 Airties | 2 Air 5443v2, Air 5443v2 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | |||||
| CVE-2010-0440 | 1 Cisco | 3 Adaptive Security Appliance Software, Asa 5500, Secure Desktop | 2018-11-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html. | |||||
| CVE-2018-17312 | 1 Ricoh | 2 Aficio Mp 301spf, Aficio Mp 301spf Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17310 | 1 Ricoh | 2 Mp C1803 Jpn, Mp C1803 Jpn Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17314 | 1 Ricoh | 2 Mp 305\+, Mp 305\+ Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17311 | 1 Ricoh | 2 Mp C6503, Mp C6503 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17313 | 1 Ricoh | 2 Mp C307, Mp C307 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17316 | 1 Ricoh | 2 Mp C6003, Mp C6003 Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17309 | 1 Ricoh | 2 Mp C406z, Mp C406zspf Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17315 | 1 Ricoh | 2 Mp C2003, Mp C2003sp Firmware | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | |||||
| CVE-2018-17571 | 1 Vanillaforums | 1 Vanilla | 2018-11-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vanilla before 2.6.1 allows XSS via the email field of a profile. | |||||