Total
40736 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18551 | 1 Serverscheck | 1 Monitoring Software | 2024-11-21 | N/A |
| ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter, report_save.html query parameter, sensors.html location parameter, or group_delete.html group parameter. | ||||
| CVE-2018-18548 | 1 Ajenti | 1 Ajenticp | 2024-11-21 | N/A |
| ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager. | ||||
| CVE-2018-18547 | 1 Vestacp | 1 Control Panel | 2024-11-21 | N/A |
| Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI. | ||||
| CVE-2018-18545 | 1 Fiyo | 1 Fiyo Cms | 2024-11-21 | 6.1 Medium |
| Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter. | ||||
| CVE-2018-18540 | 1 Teakki | 1 Teakki | 2024-11-21 | N/A |
| TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL. | ||||
| CVE-2018-18524 | 1 Evernote | 1 Evernote | 2024-11-21 | N/A |
| Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote execution command on the victim's computer. | ||||
| CVE-2018-18517 | 1 Citrix | 1 Netscaler Gateway Firmware | 2024-11-21 | N/A |
| Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS. | ||||
| CVE-2018-18478 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A |
| Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php. | ||||
| CVE-2018-18460 | 1 3cx | 1 Live Chat | 2024-11-21 | N/A |
| XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request. | ||||
| CVE-2018-18437 | 1 Axiositalia | 1 Registro Elettronico | 2024-11-21 | N/A |
| In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter. | ||||
| CVE-2018-18433 | 1 Destoon | 1 Destoon B2b | 2024-11-21 | N/A |
| An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has XSS via the category[catname] parameter to the admin.php URI. | ||||
| CVE-2018-18431 | 1 Destoon | 1 Destoon B2b | 2024-11-21 | N/A |
| An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI. | ||||
| CVE-2018-18430 | 1 Destoon | 1 Destoon B2b | 2024-11-21 | N/A |
| An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI. | ||||
| CVE-2018-18419 | 1 Ardawan | 1 User Management | 2024-11-21 | N/A |
| Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI. | ||||
| CVE-2018-18417 | 1 Creativeitem | 1 Ekushey Project Manager | 2024-11-21 | N/A |
| In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI. | ||||
| CVE-2018-18416 | 1 Pokkho | 1 Lango | 2024-11-21 | N/A |
| LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI. | ||||
| CVE-2018-18405 | 1 Jquery | 1 Jquery | 2024-11-21 | 6.1 Medium |
| jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry | ||||
| CVE-2018-18381 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 5.4 Medium |
| Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments. | ||||
| CVE-2018-18379 | 1 Elementor | 1 Elementor Page Builder | 2024-11-21 | 6.1 Medium |
| The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS. | ||||
| CVE-2018-18374 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter. | ||||