Total
37474 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10686 | 1 Vestacp | 1 Control Panel | 2024-11-21 | N/A |
| An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php. | ||||
| CVE-2018-10680 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | N/A |
| Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting it is "just a functional bug. | ||||
| CVE-2018-10665 | 1 Ilias | 1 Ilias | 2024-11-21 | N/A |
| ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files. | ||||
| CVE-2018-10649 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | N/A |
| There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3. | ||||
| CVE-2018-10609 | 1 Martem | 4 Telem-gw6, Telem-gw6 Firmware, Telem-gwm and 1 more | 2024-11-21 | N/A |
| Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges. | ||||
| CVE-2018-10586 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | N/A |
| NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities in versions before 10.1.12. | ||||
| CVE-2018-10580 | 1 Latest Posts On Profile Project | 1 Latest Posts On Profile | 2024-11-21 | N/A |
| The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread subject) field. | ||||
| CVE-2018-10571 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_claim_file.php; (3) formid or (4) formseq parameter to interface/orders/types.php; (5) eraname, (6) paydate, (7) post_to_date, (8) deposit_date, (9) debug, or (10) InsId parameter to interface/billing/sl_eob_process.php; (11) form_source, (12) form_paydate, (13) form_deposit_date, (14) form_amount, (15) form_name, (16) form_pid, (17) form_encounter, (18) form_date, or (19) form_to_date parameter to interface/billing/sl_eob_search.php; (20) codetype or (21) search_term parameter to interface/de_identification_forms/find_code_popup.php; (22) search_term parameter to interface/de_identification_forms/find_drug_popup.php; (23) search_term parameter to interface/de_identification_forms/find_immunization_popup.php; (24) id parameter to interface/forms/CAMOS/view.php; (25) id parameter to interface/forms/reviewofs/view.php; or (26) list_id parameter to library/custom_template/personalize.php. | ||||
| CVE-2018-10570 | 1 Frogcms Project | 1 Frogcms | 2024-11-21 | N/A |
| Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field. | ||||
| CVE-2018-10569 | 1 Edimax | 2 Edimax Ew-7438rpn V2 Firmware, Ew-7438rpn Mini V2 | 2024-11-21 | N/A |
| An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. There is XSS in an SSID field. | ||||
| CVE-2018-10568 | 1 Flexense | 1 Disksorter | 2024-11-21 | N/A |
| XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. | ||||
| CVE-2018-10567 | 1 Flexense | 1 Vx Search | 2024-11-21 | N/A |
| XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7. | ||||
| CVE-2018-10566 | 1 Flexense | 1 Dupscout | 2024-11-21 | N/A |
| XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7. | ||||
| CVE-2018-10565 | 1 Flexense | 1 Disksavvy | 2024-11-21 | N/A |
| XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7. | ||||
| CVE-2018-10564 | 1 Flexense | 1 Diskpulse | 2024-11-21 | N/A |
| XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. | ||||
| CVE-2018-10563 | 1 Flexense | 1 Syncbreeze | 2024-11-21 | N/A |
| An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7). | ||||
| CVE-2018-10554 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter. | ||||
| CVE-2018-10547 | 5 Canonical, Debian, Netapp and 2 more | 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more | 2024-11-21 | N/A |
| An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. | ||||
| CVE-2018-10527 | 1 Easycms Project | 1 Easycms | 2024-11-21 | N/A |
| EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.html#listarticle URI. | ||||
| CVE-2018-10430 | 1 Dilicms | 1 Dilicms | 2024-11-21 | N/A |
| An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php. | ||||