ReportizFlow
Filtered by vendor
Subscriptions
Total
40464 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-9177 | 1 Lynxtechnology | 1 Twonky Server | 2024-11-21 | N/A |
| Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen. | ||||
| CVE-2018-9173 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter. | ||||
| CVE-2018-9172 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | N/A |
| The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes. | ||||
| CVE-2018-9169 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | N/A |
| Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit.php app_id parameter. The component must be accessed directly by an administrator, or through CSRF. | ||||
| CVE-2018-9163 | 1 Zohocorp | 1 Manageengine Recovery Manager Plus | 2024-11-21 | N/A |
| A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do. | ||||
| CVE-2018-9155 | 1 Open-audit | 1 Open-audit | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section (via the "Name (display)" field to the attributes/create URI). | ||||
| CVE-2018-9147 | 1 Gespage | 1 Gespage | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage software allow remote attackers to inject arbitrary web script or HTML via the email, passwd, and repasswd parameters to webapp/users/user_reg.jsp. | ||||
| CVE-2018-9140 | 1 Samsung | 1 Samsung Mobile | 2024-11-21 | N/A |
| On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747. | ||||
| CVE-2018-9130 | 1 Ibos | 1 Ibos | 2024-11-21 | N/A |
| IBOS 4.4.3 has XSS via a company full name. | ||||
| CVE-2018-9123 | 1 Crea8social | 1 Crea8social | 2024-11-21 | N/A |
| In Crea8social 2018.2, there is Stored Cross-Site Scripting via a User Profile. | ||||
| CVE-2018-9122 | 1 Crea8social | 1 Crea8social | 2024-11-21 | N/A |
| In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the term parameter to the /search URI. | ||||
| CVE-2018-9121 | 1 Crea8social | 1 Crea8social | 2024-11-21 | N/A |
| In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment. | ||||
| CVE-2018-9120 | 1 Crea8social | 1 Crea8social | 2024-11-21 | N/A |
| In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post. | ||||
| CVE-2018-9111 | 1 Foxconn | 2 Ap-fc4064-t, Ap-fc4064-t Firmware | 2024-11-21 | N/A |
| Cross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via the configuration of a user account. An attacker can execute arbitrary script on an unsuspecting user's browser. | ||||
| CVE-2018-9104 | 1 Mitel | 2 Mivoice Connect, St 14.2 | 2024-11-21 | N/A |
| A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the api.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | ||||
| CVE-2018-9103 | 1 Mitel | 2 Mivoice Connect, St 14.2 | 2024-11-21 | N/A |
| A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | ||||
| CVE-2018-9101 | 1 Mitel | 2 Mivoice Connect, St 14.2 | 2024-11-21 | N/A |
| A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the launch_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | ||||
| CVE-2018-9090 | 1 Redhat | 1 Tectonic | 2024-11-21 | 6.1 Medium |
| CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to later be configured by Tectonic administrators. An attacker can insert an XSS payload into the dashboards. | ||||
| CVE-2018-9081 | 1 Lenovo | 40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more | 2024-11-21 | N/A |
| For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger. | ||||
| CVE-2018-9079 | 1 Lenovo | 40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more | 2024-11-21 | N/A |
| For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device. | ||||