CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 3 and 3.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
401 CVE-2018-7659 79 XSS 2018-04-11 2018-05-16
3.5
None Remote Medium Single system None Partial None
In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file.
402 CVE-2018-7650 79 XSS 2018-03-06 2018-03-27
3.5
None Remote Medium Single system None Partial None
PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript code to the user's browser. This is different from CVE-2018-6878.
403 CVE-2018-7559 320 2018-06-13 2018-08-11
3.5
None Remote Medium Single system Partial None None
An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack.
404 CVE-2018-7547 79 XSS 2018-02-27 2018-03-23
3.5
None Remote Medium Single system None Partial None
lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the /admin.php?s=/admin/config/groupsave.html URI.
405 CVE-2018-7469 79 XSS 2018-02-28 2018-03-16
3.5
None Remote Medium Single system None Partial None
PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the p_name (aka Edit Category Name) field to admin/categories_industry.php (aka Categories - Industry Type).
406 CVE-2018-7465 79 XSS 2018-04-26 2018-06-06
3.5
None Remote Medium Single system None Partial None
An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the </textarea>, leading to a possible XSS.
407 CVE-2018-7447 79 XSS 2018-02-23 2018-03-12
3.5
None Remote Medium Single system None Partial None
mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable.
408 CVE-2018-7361 476 DoS 2018-11-16 2018-12-10
3.3
None Local Network Low Not required None None Partial
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by null pointer dereference vulnerability, which may allow an attacker to cause a denial of service via appviahttp service.
409 CVE-2018-7303 79 XSS 2018-02-21 2018-03-13
3.5
None Remote Medium Single system None Partial None
The Calendar component in Tiki 17.1 allows HTML injection.
410 CVE-2018-7302 79 XSS 2018-02-21 2018-03-12
3.5
None Remote Medium Single system None Partial None
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS.
411 CVE-2018-7290 79 XSS 2018-03-09 2018-03-27
3.5
None Remote Medium Single system None Partial None
Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1.
412 CVE-2018-7261 79 XSS 2018-02-21 2018-10-09
3.5
None Remote Medium Single system None Partial None
There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields).
413 CVE-2018-7260 79 XSS 2018-02-21 2018-03-06
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
414 CVE-2018-7205 79 Exec Code XSS 2018-02-20 2018-10-09
3.5
None Remote Medium Single system None Partial None
** DISPUTED ** Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design" screens. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout.
415 CVE-2018-7188 79 +Priv XSS 2018-02-16 2018-03-13
3.5
None Remote Medium Single system None Partial None
An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php.
416 CVE-2018-7170 19 2018-03-06 2018-10-21
3.5
None Remote Medium Single system None Partial None
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
417 CVE-2018-7098 22 Dir. Trav. 2018-08-14 2018-10-10
3.6
None Local Low Not required Partial Partial None
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal.
418 CVE-2018-7035 79 XSS 2018-04-05 2018-05-09
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action.
419 CVE-2018-6957 399 2018-03-15 2018-04-13
3.5
None Remote Medium Single system None None Partial
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled.
420 CVE-2018-6936 79 XSS 2018-02-21 2018-03-13
3.5
None Remote Medium Single system None Partial None
Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account.
421 CVE-2018-6935 79 XSS 2018-04-12 2018-05-16
3.5
None Remote Medium Single system None Partial None
PHP Scripts Mall Student Profile Management System Script v2.0.6 has XSS via the Name field to list_student.php.
422 CVE-2018-6905 79 XSS 2018-04-08 2018-05-09
3.5
None Remote Medium Single system None Partial None
The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.
423 CVE-2018-6904 79 XSS 2018-04-12 2018-05-16
3.5
None Remote Medium Single system None Partial None
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action.
424 CVE-2018-6902 79 XSS 2018-04-12 2018-05-11
3.5
None Remote Medium Single system None Partial None
PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action.
425 CVE-2018-6900 79 XSS 2018-04-12 2018-05-11
3.5
None Remote Medium Single system None Partial None
PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page.
426 CVE-2018-6890 79 XSS 2018-02-22 2018-03-06
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3.
427 CVE-2018-6878 79 XSS 2018-02-09 2018-03-01
3.5
None Remote Medium Single system None Partial None
Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field.
428 CVE-2018-6868 79 XSS 2018-02-23 2018-03-01
3.5
None Remote Medium Single system None Partial None
Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter.
429 CVE-2018-6867 79 XSS 2018-02-23 2018-03-01
3.5
None Remote Medium Single system None Partial None
Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter.
430 CVE-2018-6866 79 XSS 2018-02-23 2018-03-01
3.5
None Remote Medium Single system None Partial None
Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message.
431 CVE-2018-6864 79 XSS 2018-02-11 2018-02-26
3.5
None Remote Medium Single system None Partial None
Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion Responsive Matrimonial 4.7.2 via a user profile update parameter.
432 CVE-2018-6862 79 XSS 2018-02-11 2018-02-26
3.5
None Remote Medium Single system None Partial None
Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field.
433 CVE-2018-6861 79 XSS 2018-02-11 2018-02-26
3.5
None Remote Medium Single system None Partial None
Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search Script 1.0.2 via a profile update parameter.
434 CVE-2018-6858 79 XSS 2018-02-11 2018-02-26
3.5
None Remote Medium Single system None Partial None
Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script.
435 CVE-2018-6844 79 XSS 2018-02-08 2018-02-26
3.5
None Remote Medium Single system None Partial None
MyBB 1.8.14 has XSS via the Title or Description field on the Edit Forum screen.
436 CVE-2018-6842 79 XSS 2018-03-19 2018-04-12
3.5
None Remote Medium Single system None Partial None
Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page.
437 CVE-2018-6796 79 XSS 2018-02-07 2018-02-26
3.5
None Remote Medium Single system None Partial None
PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field.
438 CVE-2018-6795 79 XSS 2018-02-07 2018-03-01
3.5
None Remote Medium Single system None Partial None
PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field.
439 CVE-2018-6690 284 Exec Code 2018-09-18 2018-12-12
3.6
None Local Low Not required Partial Partial None
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
440 CVE-2018-6681 79 XSS 2018-07-17 2018-09-17
3.5
None Remote Medium Single system None Partial None
Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface.
441 CVE-2018-6659 79 XSS 2018-04-02 2018-05-17
3.5
None Remote Medium Single system None Partial None
Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input.
442 CVE-2018-6655 79 XSS 2018-02-07 2018-02-26
3.5
None Remote Medium Single system None Partial None
PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field.
443 CVE-2018-6622 254 2018-08-17 2018-10-29
3.6
None Local Low Not required None Partial Partial
An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware during S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation.
444 CVE-2018-6550 79 XSS 2018-02-02 2018-02-14
3.5
None Remote Medium Single system None Partial None
Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php.
445 CVE-2018-6518 79 XSS 2018-04-26 2018-05-25
3.5
None Remote Medium Single system None Partial None
Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php.
446 CVE-2018-6511 79 XSS 2018-05-08 2018-06-13
3.5
None Remote Medium Single system None Partial None
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.
447 CVE-2018-6510 79 XSS 2018-05-08 2018-06-13
3.5
None Remote Medium Single system None Partial None
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.
448 CVE-2018-6506 79 XSS 2018-02-11 2018-03-06
3.5
None Remote Medium Single system None Partial None
Cross-Site Scripting (XSS) exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field.
449 CVE-2018-6495 79 XSS 2018-05-23 2018-06-26
3.5
None Remote Medium Single system None Partial None
Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS).
450 CVE-2018-6313 79 XSS 2018-01-25 2018-02-08
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118.
Total number of vulnerabilities: 3652 (page 9 of 74)