Total: 38068 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-12047 | 1 Ximdex | 1 Ximdex | 2024-11-21 | N/A |
xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12. | ||||
CVE-2018-12043 | 1 Getsymphony | 1 Symphony | 2024-11-21 | N/A |
content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page. | ||||
CVE-2018-12040 | 1 Sensiolabs | 1 Symfony | 2024-11-21 | N/A |
Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues)." | ||||
CVE-2018-12030 | 1 Chevereto | 1 Chevereto | 2024-11-21 | N/A |
Chevereto Free before 1.0.13 has XSS. | ||||
CVE-2018-11735 | 1 Ximdex | 1 Ximdex | 2024-11-21 | N/A |
index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter. | ||||
CVE-2018-11734 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
In e107 v2.1.7, output without filtering results in XSS. | ||||
CVE-2018-11715 | 1 Recent Threads Project | 1 Recent Threads | 2024-11-21 | N/A |
The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject. | ||||
CVE-2018-11709 | 1 Gvectors | 1 Wpforo Forum | 2024-11-21 | N/A |
wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI. | ||||
CVE-2018-11690 | 1 Balbooa | 1 Gridbox | 2024-11-21 | N/A |
The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||
CVE-2018-11689 | 2 Hanwha-security, Samsung | 19 Hrd-1641, Hrd-1641 Firmware, Hrd-1642 and 16 more | 2024-11-21 | 6.1 Medium |
Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.) | ||||
CVE-2018-11688 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | N/A |
Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||
CVE-2018-11651 | 1 Graylog | 1 Graylog | 2024-11-21 | N/A |
Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx. | ||||
CVE-2018-11650 | 1 Graylog | 1 Graylog | 2024-11-21 | N/A |
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js. | ||||
CVE-2018-11649 | 1 Gethue | 1 Hue | 2024-11-21 | N/A |
Hue 3.12 has XSS via the /pig/save/ name and script parameters. | ||||
CVE-2018-11647 | 1 Oauth2orize-fprm Project | 1 Oauth2orize-fprm | 2024-11-21 | N/A |
index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL. | ||||
CVE-2018-11628 | 1 Emssoftware | 1 Ems Master Calendar | 2024-11-21 | N/A |
Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS. | ||||
CVE-2018-11627 | 2 Redhat, Sinatrarb | 3 Cloudforms, Cloudforms Managementengine, Sinatra | 2024-11-21 | N/A |
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception. | ||||
CVE-2018-11588 | 1 Centreon | 2 Centreon, Centreon Web | 2024-11-21 | N/A |
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php. | ||||
CVE-2018-11583 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A |
SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter. | ||||
CVE-2018-11581 | 1 Brother | 4 Hl-l2340d, Hl-l2340d Firmware, Hl-l2380dw and 1 more | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html. |