ReportizFlow
Filtered by vendor
Subscriptions
Total
42710 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-13333 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | N/A |
| Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames. | ||||
| CVE-2018-13331 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | N/A |
| Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames. | ||||
| CVE-2018-13329 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | N/A |
| Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter. | ||||
| CVE-2018-13323 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-11-21 | N/A |
| Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie. | ||||
| CVE-2018-13317 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A |
| Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm. | ||||
| CVE-2018-13312 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A |
| Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field. | ||||
| CVE-2018-13310 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A |
| Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username. | ||||
| CVE-2018-13309 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A |
| Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password. | ||||
| CVE-2018-13308 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A |
| Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field. | ||||
| CVE-2018-13256 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2024-11-21 | 6.1 Medium |
| PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter. | ||||
| CVE-2018-13252 | 1 Entrustdatacard | 1 Syntera Customization Suite | 2024-11-21 | N/A |
| Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page. | ||||
| CVE-2018-13137 | 1 Pixelite | 1 Events Manager | 2024-11-21 | N/A |
| The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI. | ||||
| CVE-2018-13136 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | N/A |
| The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. | ||||
| CVE-2018-13134 | 1 Tp-link | 2 Archer C1200, Archer C1200 Firmware | 2024-11-21 | N/A |
| TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI. | ||||
| CVE-2018-13106 | 1 Clippercms | 1 Clippercms | 2024-11-21 | N/A |
| ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI. | ||||
| CVE-2018-13104 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID) | ||||
| CVE-2018-13055 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. | ||||
| CVE-2018-13039 | 1 Opendesa | 1 Opensid | 2024-11-21 | N/A |
| OpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the cari parameter, aka an index.php/first?cari= URI. | ||||
| CVE-2018-13022 | 1 Mi | 2 Mi Router 3, Miwifi Os | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path. | ||||
| CVE-2018-13003 | 1 Opentsdb | 1 Opentsdb | 2024-11-21 | N/A |
| An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI. | ||||