Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-14604 | 1 Gitlab | 1 Gitlab | 2018-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline. | |||||
CVE-2018-14606 | 1 Gitlab | 1 Gitlab | 2018-09-18 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion. | |||||
CVE-2018-14605 | 1 Gitlab | 1 Gitlab | 2018-09-18 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit. | |||||
CVE-2017-18343 | 1 Sensiolabs | 1 Symfony | 2018-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar. | |||||
CVE-2018-1529 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2018-09-18 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142291. | |||||
CVE-2018-14415 | 1 Icmsdev | 1 Icms | 2018-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen. | |||||
CVE-2018-14422 | 1 Sanscms | 1 Sanscms | 2018-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
blog/index.php in SansCMS 0.7 has XSS via the q parameter. | |||||
CVE-2018-14380 | 1 Graylog | 1 Graylog | 2018-09-14 | 4.3 MEDIUM | 6.1 MEDIUM |
In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts. | |||||
CVE-2018-12429 | 1 Jeesns | 1 Jeesns | 2018-09-14 | 3.5 LOW | 5.4 MEDIUM |
JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie. | |||||
CVE-2018-14082 | 1 Freelancewebdesignerchennai | 1 Job Portal | 2018-09-14 | 3.5 LOW | 5.4 MEDIUM |
PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar. | |||||
CVE-2018-14513 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2018-09-14 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI. | |||||
CVE-2018-14517 | 1 Seacms | 1 Seacms | 2018-09-14 | 4.3 MEDIUM | 6.1 MEDIUM |
SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields. | |||||
CVE-2018-14419 | 1 Metinfo | 1 Metinfo | 2018-09-14 | 3.5 LOW | 4.8 MEDIUM |
MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page. | |||||
CVE-2018-14392 | 1 Mybb | 1 New Threads | 2018-09-13 | 4.3 MEDIUM | 6.1 MEDIUM |
The New Threads plugin before 1.2 for MyBB has XSS. | |||||
CVE-2018-13832 | 1 Techotronic | 1 All In One Favicon | 2018-09-13 | 3.5 LOW | 4.8 MEDIUM |
Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text. | |||||
CVE-2017-17541 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2018-09-12 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows an attacker to inject JavaScript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature. | |||||
CVE-2018-5229 | 1 Atlassian | 1 Universal Plugin Manager | 2018-09-12 | 3.5 LOW | 5.4 MEDIUM |
The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names. | |||||
CVE-2018-14388 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2018-09-12 | 3.5 LOW | 5.4 MEDIUM |
joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter. | |||||
CVE-2018-14382 | 1 Instantcms | 1 Instantcms | 2018-09-12 | 4.3 MEDIUM | 6.1 MEDIUM |
InstantCMS 2.10.1 has /redirect?url= XSS. | |||||
CVE-2018-13865 | 1 Idreamsoft | 1 Icms | 2018-09-06 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism. |