Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-12431 | 1 Seacms | 1 Seacms | 2018-08-02 | 3.5 LOW | 4.8 MEDIUM |
SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page). | |||||
CVE-2018-12432 | 1 Javamelody Project | 1 Javamelody | 2018-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI. | |||||
CVE-2018-5143 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
URLs using "javascript:" have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Firefox < 59. | |||||
CVE-2018-12501 | 1 Nagios | 1 Fusion | 2018-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. | |||||
CVE-2018-12339 | 1 Articlecms Project | 1 Articlecms | 2018-08-02 | 3.5 LOW | 5.4 MEDIUM |
ArticleCMS through 2017-02-19 has XSS via an "add an article" action. | |||||
CVE-2018-12273 | 1 Ximdex | 1 Ximdex | 2018-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter. | |||||
CVE-2018-12272 | 1 Ximdex | 1 Ximdex | 2018-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
xowl/request.php in Ximdex 4.0 has XSS via the content parameter. | |||||
CVE-2018-5521 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2018-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS. | |||||
CVE-2018-12094 | 1 Dimofinf | 1 Dimofinf Cms | 2018-08-01 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
CVE-2018-12095 | 1 Oecms Project | 1 Oecms | 2018-08-01 | 3.5 LOW | 5.4 MEDIUM |
A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php. | |||||
CVE-2016-9903 | 1 Mozilla | 1 Firefox | 2018-08-01 | 4.3 MEDIUM | 6.1 MEDIUM |
Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox < 50.1. | |||||
CVE-2018-12030 | 1 Chevereto | 1 Chevereto | 2018-08-01 | 3.5 LOW | 5.4 MEDIUM |
Chevereto Free before 1.0.13 has XSS. | |||||
CVE-2018-11553 | 1 Sgin | 1 Xiangyun Platform | 2018-07-31 | 4.3 MEDIUM | 6.1 MEDIUM |
SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter to /login.php. | |||||
CVE-2017-18286 | 1 Nzedb | 1 Nzedb | 2018-07-31 | 3.5 LOW | 5.4 MEDIUM |
nZEDb v0.7.3.3 has XSS in the 404 error page. | |||||
CVE-2018-9182 | 1 Lynxtechnology | 1 Twonky Server | 2018-07-31 | 4.3 MEDIUM | 6.1 MEDIUM |
Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section. | |||||
CVE-2018-12111 | 1 Canon | 1 Efi Printme | 2018-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI web interface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI. | |||||
CVE-2010-0432 | 1 Apache | 1 Ofbiz | 2018-07-30 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus. | |||||
CVE-2018-12266 | 1 Hongcms Project | 1 Hongcms | 2018-07-26 | 4.3 MEDIUM | 6.1 MEDIUM |
system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code. | |||||
CVE-2018-12353 | 1 Knowage-suite | 1 Knowage | 2018-07-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue. | |||||
CVE-2018-11735 | 1 Ximdex | 1 Ximdex | 2018-07-23 | 4.3 MEDIUM | 6.1 MEDIUM |
index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter. |