Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17750 | 1 Bose | 1 Soundtouch | 2018-04-19 | 3.5 LOW | 5.4 MEDIUM |
| Bose SoundTouch devices allow XSS via a crafted public playlist from Spotify. | |||||
| CVE-2017-17749 | 1 Bose | 1 Soundtouch | 2018-04-19 | 3.5 LOW | 5.4 MEDIUM |
| Bose SoundTouch devices allow XSS via crafted song data from a music service, as demonstrated by Pandora. | |||||
| CVE-2015-7423 | 1 Ibm | 1 Infosphere Master Data Management | 2018-04-19 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 107771. | |||||
| CVE-2018-9140 | 1 Samsung | 1 Samsung Mobile | 2018-04-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747. | |||||
| CVE-2018-1201 | 1 Dell | 1 Emc Isilon | 2018-04-19 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2018-1202 | 1 Dell | 1 Emc Isilon | 2018-04-19 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2018-1187 | 1 Dell | 1 Emc Isilon | 2018-04-19 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 is affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2018-1189 | 1 Dell | 1 Emc Isilon | 2018-04-19 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2018-1188 | 1 Dell | 1 Emc Isilon | 2018-04-19 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2018-1186 | 1 Dell | 1 Emc Isilon | 2018-04-19 | 3.5 LOW | 4.8 MEDIUM |
| Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website. | |||||
| CVE-2017-7632 | 1 Qnap | 1 Qts | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2017-7631 | 1 Qnap | 1 Qts | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the share link function of File Station of QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2018-8973 | 1 Otcms | 1 Otcms | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request. | |||||
| CVE-2018-8978 | 1 Open-audit | 1 Open-audit | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI. | |||||
| CVE-2018-9130 | 1 Ibos | 1 Ibos | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBOS 4.4.3 has XSS via a company full name. | |||||
| CVE-2018-9020 | 1 Events Manager Project | 1 Events Manager | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature. | |||||
| CVE-2015-9257 | 1 Bmc | 1 Remedy Action Request System | 2018-04-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS. | |||||
| CVE-2018-8957 | 1 Covercms Project | 1 Covercms | 2018-04-17 | 3.5 LOW | 5.4 MEDIUM |
| CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related to admina/mconfigs.inc.php. | |||||
| CVE-2018-8942 | 1 Xiuno Bbs Project | 1 Xiuno Bbs | 2018-04-17 | 3.5 LOW | 5.4 MEDIUM |
| Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter. | |||||
| CVE-2018-8903 | 1 Open-audit | 1 Open-audit | 2018-04-17 | 3.5 LOW | 5.4 MEDIUM |
| Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen. | |||||