Total: 41701 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9034 | 1 Relevanssi | 1 Relevanssi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter. | |||||
| CVE-2018-9027 | 1 Ca | 1 Ca Privileged Access Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. | |||||
| CVE-2018-9020 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature. | |||||
| CVE-2018-9017 | 1 Dsmall Project | 1 Dsmall | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI. | |||||
| CVE-2018-9016 | 1 Dsmall Project | 1 Dsmall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI. | |||||
| CVE-2018-9015 | 1 Dsmall Project | 1 Dsmall | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdr_sn parameter (aka the CMS search box). | |||||
| CVE-2018-8979 | 1 Open-audit | 1 Open-audit | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI. | |||||
| CVE-2018-8978 | 1 Open-audit | 1 Open-audit | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI. | |||||
| CVE-2018-8973 | 1 Otcms | 1 Otcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request. | |||||
| CVE-2018-8957 | 1 Covercms Project | 1 Covercms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related to admina/mconfigs.inc.php. | |||||
| CVE-2018-8948 | 1 Misp-project | 1 Misp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module. | |||||
| CVE-2018-8942 | 1 Xiuno Bbs Project | 1 Xiuno Bbs | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter. | |||||
| CVE-2018-8928 | 1 Synology | 1 Carddav Server | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter. | |||||
| CVE-2018-8924 | 1 Synology | 1 Office | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Title Tooltip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via a malicious file name. | |||||
| CVE-2018-8923 | 1 Synology | 1 File Station | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | |||||
| CVE-2018-8921 | 1 Synology | 1 Drive Server | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via a malicious file name. | |||||
| CVE-2018-8918 | 1 Synology | 1 Router Manager | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter. | |||||
| CVE-2018-8915 | 1 Synology | 1 Calendar | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter. | |||||
| CVE-2018-8912 | 1 Synology | 1 Note Station | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter. | |||||
| CVE-2018-8911 | 1 Synology | 1 Note Station | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | |||||
