| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-18733 |
1 Catfish-cms |
1 Catfish Cms |
2018-12-07 |
3.5 |
| An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue to CVE-2018-13999. |
| CVE-2018-18736 |
1 Catfish-cms |
1 Catfish Blog |
2018-12-07 |
3.5 |
| An XSS issue was discovered in catfish blog 2.0.33, related to "write source code." |
| CVE-2018-19051 |
1 Metinfo |
1 Metinfo |
2018-12-07 |
4.3 |
| MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter. |
| CVE-2018-19050 |
1 Metinfo |
1 Metinfo |
2018-12-07 |
4.3 |
| MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter. |
| CVE-2018-19835 |
1 Metinfo |
1 Metinfo |
2018-12-07 |
4.3 |
| Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter. |
| CVE-2018-17782 |
1 Mantisbt |
1 Mantisbt |
2018-12-07 |
3.5 |
| A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a... |
| CVE-2018-17783 |
1 Mantisbt |
1 Mantisbt |
2018-12-07 |
3.5 |
| A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a... |
| CVE-2018-18694 |
1 Monstra |
1 Monstra |
2018-12-06 |
3.5 |
| admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases. |
| CVE-2018-15712 |
1 Nagios |
1 Nagios Xi |
2018-12-06 |
4.3 |
| Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. |
| CVE-2018-15713 |
1 Nagios |
1 Nagios Xi |
2018-12-06 |
3.5 |
| Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php. |
| CVE-2018-15714 |
1 Nagios |
1 Nagios Xi |
2018-12-06 |
4.3 |
| Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. |
| CVE-2013-2033 |
2 Cloudbees, Jenkins |
2 Jenkins, Jenkins |
2018-12-06 |
2.1 |
| Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or... |
| CVE-2018-12246 |
|
|
2018-12-06 |
4.3 |
| Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web... |
| CVE-2018-18548 |
1 Ajenti |
1 Ajenticp |
2018-12-06 |
4.3 |
| ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager. |
| CVE-2018-18551 |
1 Serverscheck |
1 Monitoring Software |
2018-12-06 |
4.3 |
| ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter,... |
| CVE-2018-18840 |
1 Sem-cms |
1 Semcms |
2018-12-06 |
3.5 |
| XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter. |
| CVE-2018-18783 |
1 Sem-cms |
1 Semcms |
2018-12-06 |
4.3 |
| XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter. |
| CVE-2018-18841 |
1 Sem-cms |
1 Semcms |
2018-12-06 |
3.5 |
| XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter. |
| CVE-2013-2149 |
1 Owncloud |
1 Owncloud |
2018-12-06 |
3.5 |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files. |
| CVE-2018-18660 |
1 Arcserve |
1 Udp |
2018-12-06 |
4.3 |
| An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue. |
