CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 3 and 3.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2018-1000113 79 XSS 2018-03-13 2018-04-04
3.5
None Remote Medium Single system None Partial None
A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allows an attacker who can control e.g. TestLink report names to have Jenkins serve arbitrary HTML and JavaScript.
452 CVE-2018-1000095 79 XSS 2018-03-12 2018-04-09
3.5
None Remote Medium Single system None Partial None
oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3.
453 CVE-2018-1000087 79 XSS 2018-03-13 2018-04-10
3.5
None Remote Medium Single system None Partial None
WolfCMS version 0.8.3.1 contains a Reflected Cross Site Scripting vulnerability in the "Create New File" and "Create New Directory" input boxes of the 'files' tab that can result in session hijacking, spreading worms, and remote control of the browser. This attack appears to be exploitable by an attacker entering JavaScript into the "Create New File" and "Create New Directory" input boxes of the 'files' tab.
454 CVE-2018-1000084 79 XSS 2018-03-13 2018-04-06
3.5
None Remote Medium Single system None Partial None
WolfCMS version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name (from the Layout tab) that can result in a low-privilege user stealing the cookie of the admin user and compromising the admin account. This attack appears to be exploitable by entering JavaScript code into Layout Name.
455 CVE-2018-1000062 79 XSS 2018-02-09 2018-03-05
3.5
None Remote Medium Single system None Partial None
WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml', that can result in an attacker executing arbitrary script in an unsuspecting user's browser. This attack appears to be exploitable via a crafted SVG file.
456 CVE-2018-21014 79 XSS 2019-09-09 2019-09-10
3.5
None Remote Medium Single system None Partial None
The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS.
457 CVE-2018-20986 79 XSS 2019-08-22 2019-08-27
3.5
None Remote Medium Single system None Partial None
The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors.
458 CVE-2018-20958 200 +Info 2019-08-07 2019-08-15
3.3
None Local Network Low Not required Partial None None
The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcast by the device.
459 CVE-2018-20935 79 XSS 2019-08-01 2019-08-07
3.5
None Remote Medium Single system None Partial None
cPanel before 70.0.23 allows stored XSS via a WHM "Reset a DNS Zone" action (SEC-412).
460 CVE-2018-20933 79 XSS 2019-08-01 2019-08-07
3.5
None Remote Medium Single system None Partial None
cPanel before 70.0.23 has Stored XSS via a WHM Edit DNS Zone action (SEC-410).
461 CVE-2018-20916 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium Single system None Partial None
cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370).
462 CVE-2018-20915 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium Single system None Partial None
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369).
463 CVE-2018-20913 200 +Info 2019-08-01 2019-08-02
3.5
None Remote Medium Single system Partial None None
cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364).
464 CVE-2018-20909 254 2019-08-01 2019-08-07
3.6
None Local Low Not required Partial Partial None
cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338).
465 CVE-2018-20897 20 2019-08-01 2019-08-08
3.3
None Local Medium Not required None Partial Partial
cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395).
466 CVE-2018-20896 94 2019-08-01 2019-08-07
3.3
None Local Medium Not required None Partial Partial
cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394).
467 CVE-2018-20889 200 +Info 2019-08-01 2019-08-07
3.6
None Local Low Not required Partial Partial None
cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425).
468 CVE-2018-20884 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium Single system None Partial None
cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367).
469 CVE-2018-20881 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium Single system None Partial None
cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446).
470 CVE-2018-20878 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium Single system None Partial None
cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441).
471 CVE-2018-20877 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium Single system None Partial None
cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437).
472 CVE-2018-20876 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium Single system None Partial None
cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434).
473 CVE-2018-20875 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium Single system None Partial None
cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).
474 CVE-2018-20874 79 XSS 2019-08-01 2019-08-06
3.5
None Remote Medium Single system None Partial None
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428).
475 CVE-2018-20838 79 XSS 2019-05-13 2019-05-14
3.5
None Remote Medium Single system None Partial None
ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.
476 CVE-2018-20837 79 XSS 2019-05-09 2019-05-10
3.5
None Remote Medium Single system None Partial None
include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS.
477 CVE-2018-20827 79 XSS 2019-08-09 2019-08-13
3.5
None Remote Medium Single system None Partial None
The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter.
478 CVE-2018-20726 79 XSS 2019-01-16 2019-01-17
3.5
None Remote Medium Single system None Partial None
A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
479 CVE-2018-20725 79 XSS 2019-01-16 2019-01-17
3.5
None Remote Medium Single system None Partial None
A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
480 CVE-2018-20724 79 XSS 2019-01-16 2019-01-17
3.5
None Remote Medium Single system None Partial None
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
481 CVE-2018-20723 79 XSS 2019-01-16 2019-01-17
3.5
None Remote Medium Single system None Partial None
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
482 CVE-2018-20703 79 XSS 2019-01-13 2019-01-16
3.5
None Remote Medium Single system None Partial None
CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string.
483 CVE-2018-20682 79 XSS 2019-01-09 2019-01-23
3.5
None Remote Medium Single system None Partial None
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section).
484 CVE-2018-20680 79 XSS 2019-01-09 2019-01-11
3.5
None Remote Medium Single system None Partial None
Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field.
485 CVE-2018-20663 79 XSS 2019-01-03 2019-01-15
3.5
None Remote Medium Single system None Partial None
The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports > Reports" name field.
486 CVE-2018-20601 79 XSS 2018-12-30 2019-01-04
3.5
None Remote Medium Single system None Partial None
UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action.
487 CVE-2018-20597 79 XSS 2018-12-30 2019-01-04
3.5
None Remote Medium Single system None Partial None
UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.
488 CVE-2018-20590 79 XSS 2018-12-30 2019-01-09
3.5
None Remote Medium Single system None Partial None
Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID.
489 CVE-2018-20589 79 XSS 2018-12-30 2019-01-09
3.5
None Remote Medium Single system None Partial None
Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID.
490 CVE-2018-20579 119 Overflow 2018-12-28 2019-01-14
3.6
None Local Low Not required None Partial Partial
Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character.
491 CVE-2018-20565 79 XSS 2018-12-28 2019-01-04
3.5
None Remote Medium Single system None Partial None
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter.
492 CVE-2018-20564 79 XSS 2018-12-28 2019-01-04
3.5
None Remote Medium Single system None Partial None
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter.
493 CVE-2018-20563 79 XSS 2018-12-28 2019-01-04
3.5
None Remote Medium Single system None Partial None
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter.
494 CVE-2018-20562 79 XSS 2018-12-28 2019-01-04
3.5
None Remote Medium Single system None Partial None
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter.
495 CVE-2018-20561 79 XSS 2018-12-28 2019-01-04
3.5
None Remote Medium Single system None Partial None
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter.
496 CVE-2018-20560 79 XSS 2018-12-28 2019-01-04
3.5
None Remote Medium Single system None Partial None
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter.
497 CVE-2018-20559 79 XSS 2018-12-28 2019-01-04
3.5
None Remote Medium Single system None Partial None
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter.
498 CVE-2018-20558 79 XSS 2018-12-28 2019-01-04
3.5
None Remote Medium Single system None Partial None
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter.
499 CVE-2018-20557 79 XSS 2018-12-28 2019-01-04
3.5
None Remote Medium Single system None Partial None
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter.
500 CVE-2018-20530 79 XSS 2018-12-28 2019-01-03
3.5
None Remote Medium Single system None Partial None
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896.
Total number of vulnerabilities: 4400. Page 10 of 88.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.