CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 3 and 3.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2851 CVE-2018-20884 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium ??? None Partial None
cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367).
2852 CVE-2018-20881 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium ??? None Partial None
cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446).
2853 CVE-2018-20878 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium ??? None Partial None
cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441).
2854 CVE-2018-20877 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium ??? None Partial None
cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437).
2855 CVE-2018-20876 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium ??? None Partial None
cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434).
2856 CVE-2018-20875 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium ??? None Partial None
cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).
2857 CVE-2018-20874 79 XSS 2019-08-01 2019-08-06
3.5
None Remote Medium ??? None Partial None
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428).
2858 CVE-2018-20838 79 XSS 2019-05-13 2019-05-14
3.5
None Remote Medium ??? None Partial None
ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.
2859 CVE-2018-20837 79 XSS 2019-05-09 2019-05-10
3.5
None Remote Medium ??? None Partial None
include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS.
2860 CVE-2018-20827 79 XSS 2019-08-09 2019-08-13
3.5
None Remote Medium ??? None Partial None
The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter.
2861 CVE-2018-20777 79 XSS 2019-02-11 2019-02-11
3.5
None Remote Medium ??? None Partial None
Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field.
2862 CVE-2018-20774 79 XSS 2019-02-11 2019-02-11
3.5
None Remote Medium ??? None Partial None
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field.
2863 CVE-2018-20758 79 XSS 2019-02-06 2019-10-23
3.5
None Remote Medium ??? None Partial None
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.
2864 CVE-2018-20737 79 XSS 2019-03-21 2019-03-25
3.5
None Remote Medium ??? None Partial None
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product.
2865 CVE-2018-20736 79 XSS 2019-03-21 2019-03-25
3.5
None Remote Medium ??? None Partial None
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product.
2866 CVE-2018-20726 79 XSS 2019-01-16 2020-03-01
3.5
None Remote Medium ??? None Partial None
A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
2867 CVE-2018-20725 79 XSS 2019-01-16 2020-03-01
3.5
None Remote Medium ??? None Partial None
A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
2868 CVE-2018-20724 79 XSS 2019-01-16 2020-03-01
3.5
None Remote Medium ??? None Partial None
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
2869 CVE-2018-20723 79 XSS 2019-01-16 2020-03-01
3.5
None Remote Medium ??? None Partial None
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
2870 CVE-2018-20703 79 XSS 2019-01-13 2019-01-16
3.5
None Remote Medium ??? None Partial None
CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string.
2871 CVE-2018-20682 79 XSS 2019-01-09 2019-01-23
3.5
None Remote Medium ??? None Partial None
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section).
2872 CVE-2018-20681 200 +Info 2019-01-09 2019-01-30
3.6
None Local Low Not required Partial Partial None
mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices (such as additionally attached graphical outputs via HDMI, VGA, DVI, etc.) the content of a screensaver-locked session can be revealed. In some scenarios, the attacker can execute applications, such as by clicking with a mouse.
2873 CVE-2018-20680 79 XSS 2019-01-09 2019-01-11
3.5
None Remote Medium ??? None Partial None
Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field.
2874 CVE-2018-20663 79 XSS 2019-01-03 2019-01-15
3.5
None Remote Medium ??? None Partial None
The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports > Reports" name field.
2875 CVE-2018-20645 79 XSS 2019-03-21 2020-08-24
3.5
None Remote Medium ??? None Partial None
PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field.
2876 CVE-2018-20640 79 XSS 2019-03-21 2019-03-26
3.5
None Remote Medium ??? None Partial None
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field.
2877 CVE-2018-20636 79 XSS 2019-03-21 2020-08-24
3.5
None Remote Medium ??? None Partial None
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field.
2878 CVE-2018-20632 79 XSS 2019-03-21 2019-03-21
3.5
None Remote Medium ??? None Partial None
PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field.
2879 CVE-2018-20627 79 XSS 2019-03-21 2020-08-24
3.5
None Remote Medium ??? None Partial None
PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box.
2880 CVE-2018-20601 79 XSS 2018-12-30 2019-01-04
3.5
None Remote Medium ??? None Partial None
UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action.
2881 CVE-2018-20597 79 XSS 2018-12-30 2019-01-04
3.5
None Remote Medium ??? None Partial None
UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.
2882 CVE-2018-20590 79 XSS 2018-12-30 2020-05-08
3.5
None Remote Medium ??? None Partial None
Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID.
2883 CVE-2018-20589 79 XSS 2018-12-30 2019-01-09
3.5
None Remote Medium ??? None Partial None
Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID.
2884 CVE-2018-20579 787 Overflow 2018-12-28 2020-08-24
3.6
None Local Low Not required None Partial Partial
Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character.
2885 CVE-2018-20565 79 XSS 2018-12-28 2019-01-04
3.5
None Remote Medium ??? None Partial None
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter.
2886 CVE-2018-20564 79 XSS 2018-12-28 2019-01-04
3.5
None Remote Medium ??? None Partial None
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter.
2887 CVE-2018-20563 79 XSS 2018-12-28 2019-01-04
3.5
None Remote Medium ??? None Partial None
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter.
2888 CVE-2018-20562 79 XSS 2018-12-28 2019-01-04
3.5
None Remote Medium ??? None Partial None
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter.
2889 CVE-2018-20561 79 XSS 2018-12-28 2019-01-04
3.5
None Remote Medium ??? None Partial None
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter.
2890 CVE-2018-20560 79 XSS 2018-12-28 2019-01-04
3.5
None Remote Medium ??? None Partial None
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter.
2891 CVE-2018-20559 79 XSS 2018-12-28 2019-01-04
3.5
None Remote Medium ??? None Partial None
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter.
2892 CVE-2018-20558 79 XSS 2018-12-28 2019-01-04
3.5
None Remote Medium ??? None Partial None
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter.
2893 CVE-2018-20557 79 XSS 2018-12-28 2019-01-04
3.5
None Remote Medium ??? None Partial None
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter.
2894 CVE-2018-20530 79 XSS 2018-12-28 2019-01-03
3.5
None Remote Medium ??? None Partial None
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896.
2895 CVE-2018-20496 79 XSS 2019-12-30 2020-01-07
3.5
None Remote Medium ??? None Partial None
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
2896 CVE-2018-20491 79 XSS 2019-12-30 2020-01-08
3.5
None Remote Medium ??? None Partial None
An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
2897 CVE-2018-20490 79 XSS 2019-12-30 2020-01-08
3.5
None Remote Medium ??? None Partial None
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
2898 CVE-2018-20448 79 XSS 2018-12-25 2019-03-04
3.5
None Remote Medium ??? None Partial None
Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.
2899 CVE-2018-20418 79 XSS 2018-12-24 2019-03-16
3.5
None Remote Medium ??? None Partial None
index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.
2900 CVE-2018-20373 79 XSS 2018-12-23 2019-01-14
3.5
None Remote Medium ??? None Partial None
Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.