CWE-79 CVEs and Security Vulnerabilities

Filtered by CWE-79

Search

Switch to Advanced Search (Beta)

Total 40728 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2018-13387	1 Atlassian	2 Jira, Jira Server	2024-11-21	N/A
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete.
CVE-2018-13380	1 Fortinet	2 Fortios, Fortiproxy	2024-11-21	4.7 Medium
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
CVE-2018-13375	1 Fortinet	2 Fortianalyzer, Fortimanager	2024-11-21	N/A
An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled).
CVE-2018-13360	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter.
CVE-2018-13359	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.
CVE-2018-13357	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names.
CVE-2018-13351	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form.
CVE-2018-13349	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username.
CVE-2018-13339	1 Angular Redactor Project	1 Angular Redactor	2024-11-21	N/A
Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035.
CVE-2018-13335	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions.
CVE-2018-13334	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter.
CVE-2018-13333	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.
CVE-2018-13331	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames.
CVE-2018-13329	1 Terra-master	1 Terramaster Operating System	2024-11-21	N/A
Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter.
CVE-2018-13323	1 Buffalo	2 Ts5600d1206, Ts5600d1206 Firmware	2024-11-21	N/A
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie.
CVE-2018-13317	1 Totolink	2 A3002ru, A3002ru Firmware	2024-11-21	N/A
Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm.
CVE-2018-13312	1 Totolink	2 A3002ru, A3002ru Firmware	2024-11-21	N/A
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field.
CVE-2018-13310	1 Totolink	2 A3002ru, A3002ru Firmware	2024-11-21	N/A
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username.
CVE-2018-13309	1 Totolink	2 A3002ru, A3002ru Firmware	2024-11-21	N/A
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password.
CVE-2018-13308	1 Totolink	2 A3002ru, A3002ru Firmware	2024-11-21	N/A
Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field.

« first previous Page 1893 of 2037. next last »