Total
38498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6824 | 1 Cozy | 1 Cozy | 2024-11-21 | N/A |
| Cozy version 2 has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an 'email:"[email protected]"' request, which can be followed by a password reset. | ||||
| CVE-2018-6811 | 1 Citrix | 2 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface. | ||||
| CVE-2018-6796 | 1 Multilanguage Real Estate Mlm Script Project | 1 Multilanguage Real Estate Mlm Script | 2024-11-21 | N/A |
| PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field. | ||||
| CVE-2018-6795 | 1 Naukri Clone Script Project | 1 Naukri Clone Script | 2024-11-21 | N/A |
| PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field. | ||||
| CVE-2018-6682 | 1 Mcafee | 1 True Key | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site. | ||||
| CVE-2018-6681 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | 5.4 Medium |
| Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface. | ||||
| CVE-2018-6659 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | N/A |
| Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input. | ||||
| CVE-2018-6655 | 1 Doctor Search Script Project | 1 Doctor Search Script | 2024-11-21 | N/A |
| PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field. | ||||
| CVE-2018-6643 | 1 Infoblox | 1 Netmri | 2024-11-21 | N/A |
| Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter. | ||||
| CVE-2018-6603 | 1 Promise | 1 Webpam Proe | 2024-11-21 | N/A |
| Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie. | ||||
| CVE-2018-6590 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-11-21 | 6.1 Medium |
| CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability. | ||||
| CVE-2018-6588 | 1 Ca | 1 Api Developer Portal | 2024-11-21 | 6.1 Medium |
| CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. | ||||
| CVE-2018-6587 | 1 Ca | 1 Api Developer Portal | 2024-11-21 | 6.1 Medium |
| CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable. | ||||
| CVE-2018-6586 | 1 Ca | 1 Api Developer Portal | 2024-11-21 | 6.1 Medium |
| CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored cross-site scripting vulnerability related to profile picture processing. | ||||
| CVE-2018-6561 | 1 Dojotoolkit | 1 Dojo | 2024-11-21 | N/A |
| dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. | ||||
| CVE-2018-6550 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php. | ||||
| CVE-2018-6545 | 1 Ipswitch | 1 Moveit | 2024-11-21 | N/A |
| Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks. | ||||
| CVE-2018-6529 | 1 Dlink | 6 Dir-860l, Dir-860l Firmware, Dir-865l and 3 more | 2024-11-21 | 6.1 Medium |
| XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. | ||||
| CVE-2018-6528 | 1 Dlink | 6 Dir-860l, Dir-860l Firmware, Dir-865l and 3 more | 2024-11-21 | 6.1 Medium |
| XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. | ||||
| CVE-2018-6527 | 1 Dlink | 6 Dir-860l, Dir-860l Firmware, Dir-865l and 3 more | 2024-11-21 | 6.1 Medium |
| XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. | ||||