Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-10326 | 1 Printeron | 1 Printeron | 2018-06-19 | 3.5 LOW | 5.4 MEDIUM |
PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored XSS vulnerabilities via the (1) department field in the printer configuration, (2) description field in the print server configuration, and (3) username field for authentication to print as guest. | |||||
CVE-2018-1147 | 1 Tenable | 1 Nessus | 2018-06-19 | 3.5 LOW | 5.4 MEDIUM |
In Nessus before 7.1.0, an XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios, XSS could also occur by altering variables from the Advanced Settings. | |||||
CVE-2017-16860 | 1 Atlassian | 1 Application Links | 2018-06-19 | 4.3 MEDIUM | 6.1 MEDIUM |
The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message. | |||||
CVE-2018-10810 | 1 Livezilla | 1 Livezilla | 2018-06-19 | 4.3 MEDIUM | 6.1 MEDIUM |
chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header. | |||||
CVE-2018-11105 | 1 Wp-livechat | 1 Wp Live Chat Support | 2018-06-19 | 4.3 MEDIUM | 6.1 MEDIUM |
There is stored cross site scripting in the wp-live-chat-support plugin before 8.0.08 for WordPress via the "name" (aka wplc_name) and "email" (aka wplc_email) input fields to wp-json/wp_live_chat_support/v1/start_chat whenever a malicious attacker would initiate a new chat with an administrator. NOTE: this issue exists because of an incomplete fix for CVE-2018-9864. | |||||
CVE-2018-10306 | 1 Ilias | 1 Ilias | 2018-06-19 | 4.3 MEDIUM | 6.1 MEDIUM |
Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date. | |||||
CVE-2017-7583 | 1 Ilias | 1 Ilias | 2018-06-19 | 4.3 MEDIUM | 6.1 MEDIUM |
ILIAS before 5.2.3 has XSS via SVG documents. | |||||
CVE-2017-15538 | 1 Ilias | 1 Ilias | 2018-06-19 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php. | |||||
CVE-2015-4665 | 1 Xceedium | 1 Xsuite | 2018-06-18 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter. | |||||
CVE-2018-0581 | 1 Asus | 2 Rt-ac87u, Rt-ac87u Firmware | 2018-06-18 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version prior to 3.0.0.4.378.9383 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-10994 | 1 Signal | 1 Signal-desktop | 2018-06-18 | 4.3 MEDIUM | 6.1 MEDIUM |
js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL. | |||||
CVE-2018-11090 | 1 Mybiz | 1 Myprocurenet | 2018-06-18 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within "ProxyPage.aspx" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site. | |||||
CVE-2018-10307 | 1 Ilias | 1 Ilias | 2018-06-18 | 4.3 MEDIUM | 6.1 MEDIUM |
error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception. | |||||
CVE-2018-11118 | 1 Ilias | 1 Ilias | 2018-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php. | |||||
CVE-2018-11120 | 1 Ilias | 1 Ilias | 2018-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS. | |||||
CVE-2018-11117 | 1 Ilias | 1 Ilias | 2018-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute. | |||||
CVE-2018-0582 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2018-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-0583 | 1 Asus | 2 Rt-ac1200hp, Rt-ac1200hp Firmware | 2018-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware version prior to 3.0.0.4.380.4180 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-10580 | 1 Latest Posts On Profile Project | 1 Latest Posts On Profile | 2018-06-14 | 3.5 LOW | 5.4 MEDIUM |
The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread subject) field. | |||||
CVE-2018-8900 | 1 Gemalto | 1 Sentinel Ldk Rte | 2018-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin Control Center (ACC) for cross-site scripting (XSS) vulnerability. |