Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11715 | 1 Recent Threads Project | 1 Recent Threads | 2018-07-18 | 3.5 LOW | 5.4 MEDIUM |
| The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject. | |||||
| CVE-2018-1000202 | 1 Jenkins | 1 Groovy Postbuild | 2018-07-18 | 3.5 LOW | 5.4 MEDIUM |
| A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | |||||
| CVE-2018-7747 | 1 Calderalabs | 1 Caldera Forms | 2018-07-17 | 3.5 LOW | 4.8 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form. | |||||
| CVE-2018-11709 | 1 Gvectors | 1 Wpforo Forum | 2018-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI. | |||||
| CVE-2012-6662 | 2 Jqueryui, Redhat | 5 Jquery Ui, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2018-07-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo. | |||||
| CVE-2018-11568 | 1 Cactusthemes | 1 Gameplan-event And Gym Fitness | 2018-07-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the '<' and '>' characters have < and > representations. | |||||
| CVE-2017-7636 | 1 Qnap | 1 Nas Proxy Server | 2018-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-12047 | 1 Ximdex | 1 Ximdex | 2018-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12. | |||||
| CVE-2018-9177 | 1 Lynxtechnology | 1 Twonky Server | 2018-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen. | |||||
| CVE-2018-12043 | 1 Getsymphony | 1 Symphony | 2018-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page. | |||||
| CVE-2013-0595 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2018-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3. | |||||
| CVE-2016-6615 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-07-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the "Tracking" feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. | |||||
| CVE-2018-11564 | 1 Pagekit | 1 Pagekit | 2018-07-05 | 3.5 LOW | 4.8 MEDIUM |
| Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger a XSS attack. | |||||
| CVE-2018-7976 | 1 Huawei | 1 Espace Desktop | 2018-07-05 | 3.5 LOW | 5.4 MEDIUM |
| There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop. | |||||
| CVE-2018-11580 | 1 Multidots | 1 Mass Pages\/posts Creator | 2018-07-05 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site and create hundreds of thousands of posts with custom content. | |||||
| CVE-2018-11628 | 1 Emssoftware | 1 Ems Master Calendar | 2018-07-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS. | |||||
| CVE-2018-11522 | 1 Yosoro Project | 1 Yosoro | 2018-07-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Yosoro 1.0.4 has stored XSS. | |||||
| CVE-2018-11552 | 1 Nch | 1 Axon Pbx | 2018-07-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application. | |||||
| CVE-2018-11486 | 1 Multidots | 1 Advance Search For Woocommerce | 2018-07-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CSS textarea field, which will be loaded on every site page. | |||||
| CVE-2018-11485 | 1 Multidots | 1 Woocommerce Quick Reports | 2018-07-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the "referral_site" cookie to have an XSS payload, and placing an order. | |||||