Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-10571 | 1 Open-emr | 1 Openemr | 2018-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_claim_file.php; (3) formid or (4) formseq parameter to interface/orders/types.php; (5) eraname, (6) paydate, (7) post_to_date, (8) deposit_date, (9) debug, or (10) InsId parameter to interface/billing/sl_eob_process.php; (11) form_source, (12) form_paydate, (13) form_deposit_date, (14) form_amount, (15) form_name, (16) form_pid, (17) form_encounter, (18) form_date, or (19) form_to_date parameter to interface/billing/sl_eob_search.php; (20) codetype or (21) search_term parameter to interface/de_identification_forms/find_code_popup.php; (22) search_term parameter to interface/de_identification_forms/find_drug_popup.php; (23) search_term parameter to interface/de_identification_forms/find_immunization_popup.php; (24) id parameter to interface/forms/CAMOS/view.php; (25) id parameter to interface/forms/reviewofs/view.php; or (26) list_id parameter to library/custom_template/personalize.php. | |||||
CVE-2018-0578 | 1 Pixelyoursite | 1 Pixelyoursite | 2018-06-13 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-6362 | 1 Ehcp | 1 Easy Hosting Control Panel | 2018-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie. | |||||
CVE-2018-6361 | 1 Ehcp | 1 Easy Hosting Control Panel | 2018-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account. | |||||
CVE-2018-10817 | 1 Severalnines | 1 Clustercontrol | 2018-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Severalnines ClusterControl before 1.6.0-4699 allows XSS. | |||||
CVE-2018-1000177 | 1 Jenkins | 1 S3 Publisher | 2018-06-13 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control file names of uploaded files to define file names containing JavaScript that would be executed in another user's browser when that user performs some UI actions. | |||||
CVE-2017-8896 | 1 Owncloud | 1 Owncloud | 2018-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in URL parameters. | |||||
CVE-2018-10371 | 1 Wunderfarm | 1 Wf Cookie Consent | 2018-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows arbitrary HTML/script code to be executed in a victim's web browser via a page title. | |||||
CVE-2011-3984 | 1 Kent-web | 1 Web Forum | 2018-06-13 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to "web form entries." | |||||
CVE-2011-3383 | 1 Kent-web | 1 Web Forum | 2018-06-13 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to "the web page to be output." | |||||
CVE-2011-4172 | 1 Kent-web | 1 Web Forum | 2018-06-13 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in KENT-WEB WEB FORUM before 5.1 allow remote attackers to inject arbitrary web script or HTML via (1) an e-mail address field or (2) a cookie, a related issue to CVE-2011-3383, CVE-2011-3983, and CVE-2011-3984. | |||||
CVE-2018-5303 | 1 Impinj | 2 R420 Rfid Reader, R420 Rfid Reader Firmware | 2018-06-13 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The license key parameter of the web application is vulnerable to Cross Site Scripting; this vulnerability allows an attacker to send malicious code to another user. | |||||
CVE-2018-9111 | 1 Foxconn | 2 Ap-fc4064-t, Ap-fc4064-t Firmware | 2018-06-13 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via the configuration of a user account. An attacker can execute arbitrary script on an unsuspecting user's browser. | |||||
CVE-2018-10314 | 1 Opmantek | 1 Open-audit | 2018-06-13 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section. | |||||
CVE-2018-10310 | 1 Catapultthemes | 1 Cookie Consent | 2018-06-13 | 3.5 LOW | 5.4 MEDIUM |
A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser. | |||||
CVE-2018-10686 | 1 Vestacp | 1 Control Panel | 2018-06-12 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php. | |||||
CVE-2018-10165 | 1 Tp-link | 1 Eap Controller | 2018-06-12 | 3.5 LOW | 5.4 MEDIUM |
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows. | |||||
CVE-2018-10164 | 1 Tp-link | 1 Eap Controller | 2018-06-12 | 3.5 LOW | 5.4 MEDIUM |
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version 2.6.1_Windows. | |||||
CVE-2018-1000172 | 1 Imagely | 1 Nextgen Gallery | 2018-06-07 | 3.5 LOW | 4.8 MEDIUM |
Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. This attack appears to be exploitable via a victim viewing the image in the administrator page. This vulnerability appears to have been fixed in 2.2.45. | |||||
CVE-2018-10570 | 1 Frogcms Project | 1 Frogcms | 2018-06-07 | 3.5 LOW | 4.8 MEDIUM |
Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field. |