Total
37603 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18029 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | N/A |
| Navigate CMS has Stored XSS via the navigate.php Title field in an edit action. | ||||
| CVE-2018-18019 | 1 Tribulant | 1 Slideshow Gallery | 2024-11-21 | N/A |
| XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter. | ||||
| CVE-2018-18017 | 1 Tribulant | 1 Slideshow Gallery | 2024-11-21 | N/A |
| XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. | ||||
| CVE-2018-18005 | 1 Vivotek | 1 Camera | 2024-11-21 | N/A |
| Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter. | ||||
| CVE-2018-17997 | 1 Layerbb | 1 Layerbb | 2024-11-21 | N/A |
| LayerBB 1.1.1 allows XSS via the titles of conversations (PMs). | ||||
| CVE-2018-17989 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2024-11-21 | N/A |
| A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. The injected payload would be executed in a user's browser when "/cgi-bin/New_GUI/Acl.asp" is requested. | ||||
| CVE-2018-17981 | 1 Lifesize | 4 Express 220, Express 220 Firmware, Room 220i and 1 more | 2024-11-21 | 6.1 Medium |
| Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the interface/interface.php brand parameter. | ||||
| CVE-2018-17964 | 1 Aryanic | 1 Highportal | 2024-11-21 | N/A |
| Aryanic HighPortal 12.5 has XSS via an Add Tags action. | ||||
| CVE-2018-17960 | 1 Ckeditor | 1 Ckeditor | 2024-11-21 | N/A |
| CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. | ||||
| CVE-2018-17952 | 1 Microfocus | 1 Edirectory | 2024-11-21 | N/A |
| Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 | ||||
| CVE-2018-17949 | 1 Microfocus | 1 Imanager | 2024-11-21 | N/A |
| Cross site scripting vulnerability in iManager prior to 3.1 SP2. | ||||
| CVE-2018-17947 | 1 Atmist | 1 Snazzy Maps | 2024-11-21 | N/A |
| The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text or tab parameter. | ||||
| CVE-2018-17946 | 1 Tribulant | 1 Slideshow Gallery | 2024-11-21 | N/A |
| The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter. | ||||
| CVE-2018-17904 | 1 Geovap | 1 Reliance 4 | 2024-11-21 | N/A |
| Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code. | ||||
| CVE-2018-17886 | 1 Jeesns | 1 Jeesns | 2024-11-21 | N/A |
| An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429. | ||||
| CVE-2018-17884 | 1 Gwolle Guestbook Project | 1 Gwolle Guestbook | 2024-11-21 | N/A |
| XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php | ||||
| CVE-2018-17876 | 1 Web-feet | 1 Coaster Cms | 2024-11-21 | N/A |
| A Stored XSS vulnerability has been discovered in the v5.5.0 version of the Coaster CMS product. | ||||
| CVE-2018-17874 | 1 Expressionengine | 1 Expressionengine | 2024-11-21 | N/A |
| ExpressionEngine before 4.3.5 has reflected XSS. | ||||
| CVE-2018-17868 | 1 Dasan | 2 H660gw, H660gw Firmware | 2024-11-21 | N/A |
| DASAN H660GW devices have Stored XSS in the Port Forwarding functionality. | ||||
| CVE-2018-17866 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field. | ||||