Total
37552 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-13433 | 1 Boostnote | 1 Boostnote | 2024-11-21 | N/A |
| Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG element. | ||||
| CVE-2018-13423 | 1 Omeka | 1 Omeka | 2024-11-21 | N/A |
| admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag. | ||||
| CVE-2018-13422 | 1 Tecnick | 1 Tcexam | 2024-11-21 | N/A |
| TCExam before 14.1.2 has XSS via an ff_ or xl_ field. | ||||
| CVE-2018-13409 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | N/A |
| An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. | ||||
| CVE-2018-13408 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | N/A |
| An issue was discovered in Jirafeau before 3.4.1. The "search file by link" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. | ||||
| CVE-2018-13403 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | N/A |
| The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard. | ||||
| CVE-2018-13395 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | N/A |
| Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the epic colour field of an issue while an issue is being moved. | ||||
| CVE-2018-13392 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | N/A |
| Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys. | ||||
| CVE-2018-13388 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | N/A |
| The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files. | ||||
| CVE-2018-13387 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | N/A |
| The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete. | ||||
| CVE-2018-13380 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.7 Medium |
| A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters. | ||||
| CVE-2018-13375 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | N/A |
| An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled). | ||||
| CVE-2018-13360 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | N/A |
| Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter. | ||||
| CVE-2018-13359 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | N/A |
| Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter. | ||||
| CVE-2018-13357 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | N/A |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing Shared Folders via JavaScript in Shared Folders' names. | ||||
| CVE-2018-13351 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | N/A |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form. | ||||
| CVE-2018-13349 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | N/A |
| Cross-site scripting in the web application taskbar in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the user's username. | ||||
| CVE-2018-13339 | 1 Angular Redactor Project | 1 Angular Redactor | 2024-11-21 | N/A |
| Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035. | ||||
| CVE-2018-13335 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | N/A |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions. | ||||
| CVE-2018-13334 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | N/A |
| Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter. | ||||