CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3051 CVE-2018-17849 79 XSS 2018-10-04 2018-11-19
3.5
None Remote Medium ??? None Partial None
Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload.
3052 CVE-2018-17835 79 XSS 2018-10-01 2018-11-15
3.5
None Remote Medium ??? None Partial None
An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI.
3053 CVE-2018-17830 79 XSS 2018-10-01 2018-11-15
3.5
None Remote Medium ??? None Partial None
The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring.
3054 CVE-2018-17783 79 XSS 2018-10-30 2018-12-07
3.5
None Remote Medium ??? None Partial None
A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.
3055 CVE-2018-17782 79 XSS 2018-10-30 2018-12-07
3.5
None Remote Medium ??? None Partial None
A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name.
3056 CVE-2018-17574 79 XSS 2018-09-28 2018-11-14
3.5
None Remote Medium ??? None Partial None
An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project.
3057 CVE-2018-17572 79 XSS 2020-03-02 2020-03-03
3.5
None Remote Medium ??? None Partial None
InfluxDB 0.9.5 has Reflected XSS in the Write Data module.
3058 CVE-2018-17556 79 XSS 2018-09-26 2018-11-15
3.5
None Remote Medium ??? None Partial None
MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.
3059 CVE-2018-17490 862 DoS 2019-03-21 2020-08-24
3.6
None Local Low Not required None Partial Partial
EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task manager, a local attacker could exploit this vulnerability to kill the process or launch new processes at will.
3060 CVE-2018-17486 Bypass 2019-03-21 2020-08-24
3.6
None Local Low Not required None Partial Partial
Lobby Track Desktop could allow a local attacker to bypass security restrictions, caused by an error in the find visitor function while in kiosk mode. By visiting the kiosk and selecting find visitor, an attacker could exploit this vulnerability to delete visitor records or remove a host.
3061 CVE-2018-17484 200 +Info 2019-03-21 2019-10-09
3.6
None Local Low Not required Partial Partial None
Lobby Track Desktop could allow a local attacker to obtain sensitive information, caused by an error in Sample Database.mdb database while in kiosk mode. By using attack vectors outlined in kiosk breakout, an attacker could exploit this vulnerability to view and edit the database.
3062 CVE-2018-17426 79 XSS 2019-03-07 2019-03-08
3.5
None Remote Medium ??? None Partial None
WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in station" field under the index.php?m=core URI.
3063 CVE-2018-17425 79 XSS 2019-03-07 2019-03-08
3.5
None Remote Medium ??? None Partial None
WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ask" "detailed description" field under the index.php?m=member URI.
3064 CVE-2018-17423 79 XSS 2019-06-19 2019-06-20
3.5
None Remote Medium ??? None Partial None
An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php.
3065 CVE-2018-17369 79 XSS 2018-09-23 2018-11-15
3.5
None Remote Medium ??? None Partial None
An issue was discovered in springboot_authority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter.
3066 CVE-2018-17302 79 XSS 2018-09-21 2019-02-25
3.5
None Remote Medium ??? None Partial None
Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message.
3067 CVE-2018-17301 79 XSS 2018-09-21 2019-02-25
3.5
None Remote Medium ??? None Partial None
Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel.
3068 CVE-2018-17300 79 XSS 2018-09-21 2019-09-16
3.5
None Remote Medium ??? None Partial None
Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name.
3069 CVE-2018-17288 79 XSS 2019-04-18 2019-04-19
3.5
None Remote Medium ??? None Partial None
Kofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client and Administration Console) suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Filename" field in /Kofax/KFS/ThinClient/document/upload/ - (Thin Client) or (2) "DeviceName" field in /Kofax/KFS/Admin/DeviceService/device/ - (Administration Console).
3070 CVE-2018-17256 79 XSS 2018-11-27 2018-12-31
3.5
None Remote Medium ??? None Partial None
Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content.
3071 CVE-2018-17218 79 XSS 2018-10-01 2019-09-26
3.5
None Remote Medium ??? None Partial None
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function.
3072 CVE-2018-17184 79 Exec Code XSS 2018-11-06 2018-12-13
3.5
None Remote Medium ??? None Partial None
A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admin Console, the injected JavaScript code is executed.
3073 CVE-2018-17167 79 XSS 2019-03-21 2019-03-26
3.5
None Remote Medium ??? None Partial None
PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration.
3074 CVE-2018-17147 79 XSS 2019-07-10 2019-07-11
3.5
None Remote Medium ??? None Partial None
Nagios XI before 5.5.4 has XSS in the auto login admin management page.
3075 CVE-2018-17146 79 Exec Code XSS 2019-06-19 2019-06-23
3.5
None Remote Medium ??? None Partial None
A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page.
3076 CVE-2018-17140 79 XSS 2018-09-17 2018-11-09
3.5
None Remote Medium ??? None Partial None
The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php.
3077 CVE-2018-17138 79 XSS 2018-09-17 2018-11-08
3.5
None Remote Medium ??? None Partial None
The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field.
3078 CVE-2018-17130 79 XSS 2018-09-17 2018-11-01
3.5
None Remote Medium ??? None Partial None
PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,
3079 CVE-2018-17128 79 XSS 2018-09-17 2018-11-07
3.5
None Remote Medium ??? None Partial None
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.
3080 CVE-2018-17090 79 XSS 2018-09-16 2018-11-01
3.5
None Remote Medium ??? None Partial None
An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazy_adresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing <textarea> followed by <script></script> tags.
3081 CVE-2018-17044 79 XSS 2018-09-14 2018-11-09
3.5
None Remote Medium ??? None Partial None
In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter.
3082 CVE-2018-17026 79 XSS 2018-09-13 2018-10-30
3.5
None Remote Medium ??? None Partial None
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page&name=error404 action, a different vulnerability than CVE-2018-10121.
3083 CVE-2018-17024 79 XSS 2018-09-13 2019-07-23
3.5
None Remote Medium ??? None Partial None
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an add_page action.
3084 CVE-2018-16968 22 Dir. Trav. 2018-09-26 2018-11-23
3.5
None Remote Medium ??? None Partial None
Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.
3085 CVE-2018-16950 DoS 2018-09-12 2020-08-24
3.3
None Local Network Low Not required None None Partial
Inteno DG400 WU7U_ELION3.11.6-170614_1328 devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses, as demonstrated by macof.
3086 CVE-2018-16887 79 Exec Code +Priv XSS CSRF 2019-01-13 2019-05-14
3.5
None Remote Medium ??? None Partial None
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Versions before 3.9.0 are vulnerable.
3087 CVE-2018-16876 200 +Info 2019-01-03 2020-05-29
3.5
None Remote Medium ??? Partial None None
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
3088 CVE-2018-16872 367 2018-12-13 2020-12-04
3.5
None Remote Medium ??? Partial None None
A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the underlying filesystem may have changed since the time lstat(2) was called in usb_mtp_object_alloc, a classical TOCTTOU problem. An attacker with write access to the host filesystem shared with a guest can use this property to navigate the host filesystem in the context of the QEMU process and read any file the QEMU process has access to. Access to the filesystem may be local or via a network share protocol such as CIFS.
3089 CVE-2018-16869 203 2018-12-03 2020-12-04
3.3
None Local Medium Not required Partial Partial None
A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
3090 CVE-2018-16868 203 2018-12-03 2020-12-04
3.3
None Local Medium Not required Partial Partial None
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
3091 CVE-2018-16861 79 Exec Code +Priv XSS CSRF 2018-12-07 2019-05-14
3.5
None Remote Medium ??? None Partial None
A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possibly leading to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Foreman before 1.18.3, 1.19.1, and 1.20.0 are vulnerable.
3092 CVE-2018-16852 476 DoS 2018-11-28 2019-10-09
3.5
None Remote Medium ??? None None Partial
Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service.
3093 CVE-2018-16806 327 2018-09-10 2019-10-03
3.3
None Local Network Low Not required None Partial None
A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and possibly other vehicles, relies on the DST40 cipher, which makes it easier for attackers to obtain access via an approach involving a 5.4 TB precomputation, followed by wake-frame reception and two challenge/response operations, to clone a key fob within a few seconds.
3094 CVE-2018-16805 79 XSS 2018-09-10 2018-11-09
3.5
None Remote Medium ??? None Partial None
In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator.
3095 CVE-2018-16780 79 XSS 2018-09-10 2018-10-29
3.5
None Remote Medium ??? None Partial None
Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment.
3096 CVE-2018-16776 79 XSS 2018-09-10 2018-11-02
3.5
None Remote Medium ??? None Partial None
wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" "Configuration" page.
3097 CVE-2018-16775 79 XSS 2018-09-10 2018-11-09
3.5
None Remote Medium ??? None Partial None
An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the "Categories" menu.
3098 CVE-2018-16773 79 XSS 2018-09-10 2018-09-24
3.5
None Remote Medium ??? None Partial None
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field.
3099 CVE-2018-16772 79 XSS 2018-09-10 2018-09-24
3.5
None Remote Medium ??? None Partial None
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.
3100 CVE-2018-16736 79 XSS 2018-09-09 2018-11-06
3.5
None Remote Medium ??? None Partial None
In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings).
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.