Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-15184 | 1 Naukri Clone Script Project | 1 Naukri Clone Script | 2018-10-09 | 3.5 LOW | 5.4 MEDIUM |
PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has Stored XSS via the USERNAME field, a related issue to CVE-2018-6795. | |||||
CVE-2016-8527 | 1 Hp | 1 Airwave | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser. | |||||
CVE-2018-15190 | 1 Hotel Booking Script Project | 1 Hotel Booking Script | 2018-10-06 | 3.5 LOW | 5.4 MEDIUM |
PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address field. | |||||
CVE-2018-15189 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile. | |||||
CVE-2018-14503 | 1 Coremail | 1 Coremail Xt | 2018-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | |||||
CVE-2018-14837 | 1 Wolfcms | 1 Wolf Cms | 2018-10-05 | 3.5 LOW | 4.8 MEDIUM |
Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI. | |||||
CVE-2016-4392 | 1 Hp | 1 Business Service Management | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1. | |||||
CVE-2018-15182 | 1 Car Rental Script Project | 1 Car Rental Script | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields. | |||||
CVE-2018-15130 | 1 Thinksaas | 1 Thinksaas | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter. | |||||
CVE-2017-8991 | 1 Hp | 1 Centralview Fraud Risk Management | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
HPE has identified a cross site scripting (XSS) vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | |||||
CVE-2018-7075 | 1 Hp | 1 Intelligent Management Center | 2018-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). The vulnerability is fixed in Intelligent Management Center PLAT 7.3 E0605P04 or subsequent version. | |||||
CVE-2018-15129 | 1 Thinksaas | 1 Thinksaas | 2018-10-05 | 3.5 LOW | 5.4 MEDIUM |
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter. | |||||
CVE-2018-15169 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter. | |||||
CVE-2016-4400 | 1 Hp | 1 Network Node Manager I | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). | |||||
CVE-2016-4399 | 1 Hp | 1 Network Node Manager I | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). | |||||
CVE-2018-12943 | 1 Seeddms | 1 Seeddms | 2018-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
CVE-2006-3756 | 1 Geeklog | 1 Geeklog | 2018-10-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6). | |||||
CVE-2018-13055 | 1 Mantisbt | 1 Mantisbt | 2018-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. | |||||
CVE-2016-4406 | 1 Hp | 3 Integrated Lights-out, Integrated Lights-out 3 Firmware, Integrated Lights-out 4 Firmware | 2018-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 and HPE iLO 4 all versions prior to v2.44. | |||||
CVE-2018-14964 | 1 Emlsoft Project | 1 Emlsoft | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page. |