Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10665 | 1 Ilias | 1 Ilias | 2018-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files. | |||||
| CVE-2018-1502 | 1 Ibm | 1 Content Manager | 2018-06-06 | 3.5 LOW | 5.4 MEDIUM |
| IBM Content Manager Enterprise Edition Resource Manager 8.4.3 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141338. | |||||
| CVE-2018-1430 | 1 Ibm | 1 Api Connect | 2018-06-06 | 3.5 LOW | 5.4 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139226. | |||||
| CVE-2018-0711 | 1 Qnap | 1 Qts | 2018-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-10095 | 1 Dolibarr | 1 Dolibarr | 2018-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. | |||||
| CVE-2018-5228 | 1 Atlassian | 2 Crucible, Fisheye | 2018-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers. | |||||
| CVE-2018-10430 | 1 Dilicms | 1 Dilicms | 2018-06-06 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php. | |||||
| CVE-2018-7465 | 1 Virtuemart | 1 Virtuemart | 2018-06-06 | 3.5 LOW | 5.4 MEDIUM |
| An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the </textarea>, leading to a possible XSS. | |||||
| CVE-2018-10309 | 1 Responsive Cookie Consent Project | 1 Responsive Cookie Consent | 2018-06-06 | 3.5 LOW | 5.4 MEDIUM |
| The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS. | |||||
| CVE-2018-10527 | 1 Easycms Project | 1 Easycms | 2018-06-05 | 3.5 LOW | 5.4 MEDIUM |
| EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.html#listarticle URI. | |||||
| CVE-2018-8149 | 1 Microsoft | 1 Sharepoint Server | 2018-06-05 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8155, CVE-2018-8156, CVE-2018-8168. | |||||
| CVE-2018-8156 | 1 Microsoft | 2 Project Server, Sharepoint Server | 2018-06-05 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint, Microsoft Project Server. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8168. | |||||
| CVE-2018-8155 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2018-06-05 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8156, CVE-2018-8168. | |||||
| CVE-2018-8168 | 1 Microsoft | 1 Sharepoint Server | 2018-06-05 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8156. | |||||
| CVE-2018-10259 | 1 Hrsale Project | 1 Hrsale | 2018-06-05 | 3.5 LOW | 5.4 MEDIUM |
| An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user. | |||||
| CVE-2018-10726 | 1 Datenstrom | 1 Yellow | 2018-06-05 | 3.5 LOW | 5.4 MEDIUM |
| ** DISPUTED ** A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an "Edit page" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSS. | |||||
| CVE-2018-10365 | 1 Threads To Link Project | 1 Threads To Link | 2018-06-05 | 3.5 LOW | 5.4 MEDIUM |
| An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the user is given the option to convert the thread to a link. The thread link input box is not properly sanitized. | |||||
| CVE-2018-10364 | 1 Bigtreecms | 1 Bigtree Cms | 2018-06-05 | 3.5 LOW | 5.4 MEDIUM |
| BigTree before 4.2.22 has XSS in the Users management page via the name or company field. | |||||
| CVE-2018-10294 | 1 Flexense | 1 Diskboss | 2018-06-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS. | |||||
| CVE-2018-10568 | 1 Flexense | 1 Disksorter | 2018-06-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. | |||||