Total
40805 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-8815 | 1 Alkacon | 1 Opencms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image. | ||||
| CVE-2018-8805 | 1 Yxcms | 1 Yxcms | 2024-11-21 | N/A |
| Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extend_guestbook.php or protected\apps\default\view\mobile\extend_guestbook.php in an index.php?r=default/column/index&col=guestbook request. | ||||
| CVE-2018-8772 | 1 Coship | 2 Rt3052, Rt3052 Firmware | 2024-11-21 | N/A |
| Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID field on the "Wireless Setting - Basic" screen. | ||||
| CVE-2018-8767 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | N/A |
| joyplus-cms 1.6.0 has XSS in manager/admin_ajax.php?action=save&tab={pre}vod_type via the t_name parameter. | ||||
| CVE-2018-8763 | 2 Debian, Ldap-account-manager | 2 Debian Linux, Ldap Account Manager | 2024-11-21 | N/A |
| Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI. | ||||
| CVE-2018-8738 | 1 Airties | 4 5444, 5444 Firmware, 5444tt and 1 more | 2024-11-21 | N/A |
| Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS. | ||||
| CVE-2018-8737 | 1 Bylancer | 1 Bookme | 2024-11-21 | N/A |
| Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers "Book Me" function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's browser. | ||||
| CVE-2018-8732 | 1 Wampserver | 1 Wampserver | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter. | ||||
| CVE-2018-8729 | 1 Pojo | 1 Activity Log | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped. | ||||
| CVE-2018-8728 | 1 Kontena | 1 Kontena | 2024-11-21 | N/A |
| server/app/views/static/code.html in Kontena before 1.5.0 allows XSS in "kontena master login --remote" code display, as demonstrated by /code#code= in a URI. | ||||
| CVE-2018-8722 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026. | ||||
| CVE-2018-8721 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | N/A |
| Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen | ||||
| CVE-2018-8720 | 1 Servicenow | 1 It Service Management | 2024-11-21 | N/A |
| ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name field of My Profile (aka navpage.do), or the Search bar of My Portal (aka search_results.do). | ||||
| CVE-2018-8716 | 1 Wso2 | 1 Identity Server | 2024-11-21 | N/A |
| WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers. | ||||
| CVE-2018-8652 | 1 Microsoft | 1 Windows Azure Pack Rollup | 2024-11-21 | N/A |
| A Cross-site Scripting (XSS) vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input, aka "Windows Azure Pack Cross Site Scripting Vulnerability." This affects Windows Azure Pack Rollup 13.1. | ||||
| CVE-2018-8651 | 1 Microsoft | 1 Dynamics Nav | 2024-11-21 | N/A |
| A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka "Microsoft Dynamics NAV Cross Site Scripting Vulnerability." This affects Microsoft Dynamics NAV. | ||||
| CVE-2018-8608 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8607. | ||||
| CVE-2018-8607 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8608. | ||||
| CVE-2018-8606 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8607, CVE-2018-8608. | ||||
| CVE-2018-8605 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8606, CVE-2018-8607, CVE-2018-8608. | ||||