Total
38068 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12299 | 1 Seagate | 1 Nas Os | 2024-11-21 | N/A |
| Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names. | ||||
| CVE-2018-12297 | 1 Seagate | 1 Nas Os | 2024-11-21 | N/A |
| Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via URL path names. | ||||
| CVE-2018-12290 | 1 Yii2-statemachine | 1 Yii2-statemachine | 2024-11-21 | N/A |
| The Yii2-StateMachine extension v2.x.x for Yii2 has XSS. | ||||
| CVE-2018-12273 | 1 Ximdex | 1 Ximdex | 2024-11-21 | N/A |
| The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter. | ||||
| CVE-2018-12272 | 1 Ximdex | 1 Ximdex | 2024-11-21 | N/A |
| xowl/request.php in Ximdex 4.0 has XSS via the content parameter. | ||||
| CVE-2018-12266 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | N/A |
| system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code. | ||||
| CVE-2018-12255 | 1 Invoiceplane | 1 Invoiceplane | 2024-11-21 | N/A |
| An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF Password(Optional)" field. | ||||
| CVE-2018-12246 | 1 Symantec | 1 Web Isolation | 2024-11-21 | N/A |
| Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript code into the website's rendered copy running inside the end user's web browser. It does not allow injecting code into the real (isolated) copy of the website running on the WI Threat Isolation Engine. | ||||
| CVE-2018-12241 | 1 Symantec | 1 Security Analytics | 2024-11-21 | N/A |
| The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious JavaScript code into the SA web UI client application. | ||||
| CVE-2018-12234 | 1 Myadrenalin | 1 Adrenalin | 2024-11-21 | N/A |
| A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parameter. | ||||
| CVE-2018-12229 | 1 Sfu | 1 Open Journal System | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the templates/frontend/pages/search.tpl parameter (aka the By Author field). | ||||
| CVE-2018-12111 | 1 Canon | 1 Efi Printme | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI. | ||||
| CVE-2018-12104 | 1 Airbnb | 1 Knowledge Repo | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/new_report.kp URI. | ||||
| CVE-2018-12101 | 1 Clippercms | 1 Clippercms | 2024-11-21 | N/A |
| CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields. | ||||
| CVE-2018-12100 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | N/A |
| Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI. | ||||
| CVE-2018-12099 | 3 Grafana, Netapp, Redhat | 4 Grafana, Active Iq Performance Analytics Services, Storagegrid Webscale Nas Bridge and 1 more | 2024-11-21 | N/A |
| Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. | ||||
| CVE-2018-12095 | 1 Oecms Project | 1 Oecms | 2024-11-21 | N/A |
| A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php. | ||||
| CVE-2018-12094 | 1 Dimofinf | 1 Dimofinf Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2018-12090 | 1 Lamsfoundation | 1 Lams | 2024-11-21 | N/A |
| There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change. | ||||
| CVE-2018-12073 | 1 Eminent-online | 1 Em4544 | 2024-11-21 | N/A |
| An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this issue (e.g., in combination with a successful XSS, or at an unattended workstation) to change the admin password to an attacker-chosen value without knowing the current password. | ||||