Total
40733 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15896 | 1 Website Seller Script Project | 1 Website Seller Script | 2024-11-21 | N/A |
| PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name. | ||||
| CVE-2018-15891 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2024-11-21 | N/A |
| An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, and 5.0.1beta4. By crafting a request for adding Asterisk modules, an attacker is able to store JavaScript commands in a module name. | ||||
| CVE-2018-15884 | 1 Ricoh | 2 Mp C4504ex, Mp C4504ex Firmware | 2024-11-21 | N/A |
| RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. | ||||
| CVE-2018-15880 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack. | ||||
| CVE-2018-15875 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request. | ||||
| CVE-2018-15874 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request. | ||||
| CVE-2018-15847 | 1 Puppycms | 1 Puppycms | 2024-11-21 | N/A |
| An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability via menu.php in the "Add Page/URL" URL link field. | ||||
| CVE-2018-15843 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | N/A |
| GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field. | ||||
| CVE-2018-15842 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | N/A |
| WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter. | ||||
| CVE-2018-15820 | 1 Easyio | 2 Easyio 30p, Easyio 30p Firmware | 2024-11-21 | 6.1 Medium |
| EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GDN parameter. | ||||
| CVE-2018-15740 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 6.1 Medium |
| Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen. | ||||
| CVE-2018-15714 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. | ||||
| CVE-2018-15713 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php. | ||||
| CVE-2018-15712 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. | ||||
| CVE-2018-15707 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
| Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things. | ||||
| CVE-2018-15703 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
| Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser. | ||||
| CVE-2018-15699 | 1 Asustor | 1 Data Master | 2024-11-21 | N/A |
| ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configuration files Version field. | ||||
| CVE-2018-15679 | 1 Btiteam | 1 Xbtit | 2024-11-21 | N/A |
| An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting. | ||||
| CVE-2018-15678 | 1 Btiteam | 1 Xbtit | 2024-11-21 | N/A |
| An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting. | ||||
| CVE-2018-15677 | 1 Btiteam | 1 Xbtit | 2024-11-21 | N/A |
| The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF. | ||||