Total
40791 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7274 | 1 Quarx Cms Project | 1 Quarx Cms | 2024-11-21 | 6.1 Medium |
| Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name). | ||||
| CVE-2018-7265 | 1 Shimmie2 Project | 1 Shimmie2 | 2024-11-21 | N/A |
| Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that enables stored XSS. | ||||
| CVE-2018-7261 | 1 Radiantcms | 1 Radiant Cms | 2024-11-21 | N/A |
| There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields). | ||||
| CVE-2018-7260 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2018-7203 | 1 Lynxtechnology | 1 Twonky Server | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all. | ||||
| CVE-2018-7202 | 1 Projectsend | 1 Projectsend | 2024-11-21 | N/A |
| An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page. | ||||
| CVE-2018-7198 | 1 Octobercms | 1 October | 2024-11-21 | N/A |
| October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page. | ||||
| CVE-2018-7197 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | N/A |
| An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL. | ||||
| CVE-2018-7196 | 1 Osticket | 1 Osticket | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. | ||||
| CVE-2018-7193 | 1 Osticket | 1 Osticket | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter. | ||||
| CVE-2018-7192 | 1 Osticket | 1 Osticket | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. | ||||
| CVE-2018-7188 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | N/A |
| An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php. | ||||
| CVE-2018-7117 | 1 Hp | 20 Integrated Lights-out 5 Firmware, Proliant Bl460c Gen10, Proliant Dl120 Gen10 and 17 more | 2024-11-21 | N/A |
| A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers earlier than version v1.40. | ||||
| CVE-2018-7090 | 1 Hp | 1 Xp 9000 Command View | 2024-11-21 | N/A |
| HPE XP P9000 Command View Advanced Edition Software (CVAE) has local and remote cross site scripting vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr. | ||||
| CVE-2018-7075 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). The vulnerability is fixed in Intelligent Management Center PLAT 7.3 E0605P04 or subsequent version. | ||||
| CVE-2018-7064 | 2 Arubanetworks, Siemens | 3 Aruba Instant, Scalance W1750d, Scalance W1750d Firmware | 2024-11-21 | N/A |
| A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session cookie for an administrative session. Workaround: Administrators should make sure they log out of the Aruba Instant UI when not actively managing the system, and should use caution clicking links from external sources while logged into the IAP administrative interface. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0 | ||||
| CVE-2018-7057 | 1 Steelcase | 2 Roomwizard, Roomwizard Firmware | 2024-11-21 | N/A |
| RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter. | ||||
| CVE-2018-7049 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | N/A |
| An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted HTTP request. | ||||
| CVE-2018-7035 | 1 Gleezcms | 1 Gleez Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action. | ||||
| CVE-2018-6958 | 1 Vmware | 1 Vrealize Automation | 2024-11-21 | N/A |
| VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation. | ||||