Total: 40736 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1999005 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-11-21 | 5.4 Medium |
| A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | ||||
| CVE-2018-18997 | 1 Abb | 4 Gate-e1, Gate-e1 Firmware, Gate-e2 and 1 more | 2024-11-21 | N/A |
| Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2, all versions, allow an unauthenticated attacker using the administrative web interface to insert an HTML/JavaScript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor's browser. | ||||
| CVE-2018-18991 | 1 Spidercontrol | 1 Scada Webserver | 2024-11-21 | N/A |
| Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim's browser. | ||||
| CVE-2018-18985 | 1 Tridium | 3 Niagara, Niagara Ax Framework, Niagara Enterprise Security | 2024-11-21 | N/A |
| In Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4, a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code into some web pages, affecting confidentiality. | ||||
| CVE-2018-18952 | 1 Jeecms | 1 Jeecms | 2024-11-21 | N/A |
| JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI. | ||||
| CVE-2018-18943 | 1 Basercms | 1 Basercms | 2024-11-21 | N/A |
| An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI. | ||||
| CVE-2018-18940 | 1 Netscape | 1 Enterprise Server | 2024-11-21 | N/A |
| servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued. | ||||
| CVE-2018-18939 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field. | ||||
| CVE-2018-18927 | 1 Publiccms | 1 Publiccms | 2024-11-21 | N/A |
| An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. | ||||
| CVE-2018-18919 | 1 Iiong | 1 Wp Editor.md | 2024-11-21 | N/A |
| The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area. | ||||
| CVE-2018-18909 | 1 Xheditor | 1 Xheditor | 2024-11-21 | N/A |
| xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view. | ||||
| CVE-2018-18886 | 1 Helpy.io | 1 Helpy | 2024-11-21 | 6.1 Medium |
| Helpy v2.1.0 has Stored XSS via the Ticket title. | ||||
| CVE-2018-18882 | 1 Controlbyweb | 2 X-320m-i, X-320m-i Firmware | 2024-11-21 | N/A |
| A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface. | ||||
| CVE-2018-18880 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2024-11-21 | N/A |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script. | ||||
| CVE-2018-18875 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2024-11-21 | N/A |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php. | ||||
| CVE-2018-18872 | 1 Kieranoshea | 1 Calendar | 2024-11-21 | N/A |
| The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stored XSS via the event_title parameter in a wp-admin/admin.php?page=calendar add action, or the category name during category creation at the wp-admin/admin.php?page=calendar-categories URI. | ||||
| CVE-2018-18868 | 1 No-cms Project | 1 No-cms | 2024-11-21 | N/A |
| No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter. | ||||
| CVE-2018-18864 | 1 Loadbalancer | 1 Enterprise Va Max | 2024-11-21 | N/A |
| Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed. | ||||
| CVE-2018-18845 | 1 Advanced Comment System Project | 1 Advanced Comment System | 2024-11-21 | N/A |
| internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advanced Comment System, version 1.0, contain a reflected cross-site scripting vulnerability via ACS_path. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The product is discontinued. | ||||
| CVE-2018-18841 | 1 Sem-cms | 1 Semcms | 2024-11-21 | N/A |
| XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter. | ||||