Total
40723 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10568 | 1 Flexense | 1 Disksorter | 2024-11-21 | N/A |
| XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. | ||||
| CVE-2018-10567 | 1 Flexense | 1 Vx Search | 2024-11-21 | N/A |
| XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7. | ||||
| CVE-2018-10566 | 1 Flexense | 1 Dupscout | 2024-11-21 | N/A |
| XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7. | ||||
| CVE-2018-10565 | 1 Flexense | 1 Disksavvy | 2024-11-21 | N/A |
| XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7. | ||||
| CVE-2018-10564 | 1 Flexense | 1 Diskpulse | 2024-11-21 | N/A |
| XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. | ||||
| CVE-2018-10563 | 1 Flexense | 1 Syncbreeze | 2024-11-21 | N/A |
| An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7). | ||||
| CVE-2018-10554 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter. | ||||
| CVE-2018-10547 | 5 Canonical, Debian, Netapp and 2 more | 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more | 2024-11-21 | N/A |
| An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. | ||||
| CVE-2018-10527 | 1 Easycms Project | 1 Easycms | 2024-11-21 | N/A |
| EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.html#listarticle URI. | ||||
| CVE-2018-10430 | 1 Dilicms | 1 Dilicms | 2024-11-21 | N/A |
| An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php. | ||||
| CVE-2018-10428 | 1 Ilias | 1 Ilias | 2024-11-21 | N/A |
| ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting. | ||||
| CVE-2018-10422 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | N/A |
| An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field. | ||||
| CVE-2018-10383 | 1 Lantronix | 2 Securelinx Spider, Securelinx Spider Firmware | 2024-11-21 | N/A |
| Lantronix SecureLinx Spider (SLS) 2.2+ devices have XSS in the auth.asp login page. | ||||
| CVE-2018-10382 | 1 Modx | 1 Modx Revolution | 2024-11-21 | N/A |
| MODX Revolution 2.6.3 has XSS. | ||||
| CVE-2018-10379 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability. | ||||
| CVE-2018-10374 | 1 Easycms | 1 Easycms | 2024-11-21 | N/A |
| EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request. | ||||
| CVE-2018-10371 | 1 Wunderfarm | 1 Wf Cookie Consent | 2024-11-21 | N/A |
| An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser via a page title. | ||||
| CVE-2018-10369 | 1 Intelbras | 2 Win 240, Win 240 Firmware | 2024-11-21 | N/A |
| A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login. | ||||
| CVE-2018-10366 | 1 User Project | 1 User | 2024-11-21 | N/A |
| An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field. | ||||
| CVE-2018-10365 | 1 Threads To Link Project | 1 Threads To Link | 2024-11-21 | N/A |
| An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the user is given the option to convert the thread to a link. The thread link input box is not properly sanitized. | ||||