Security Vulnerabilities (CVSS score between 3 and 3.99)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 401 | CVE-2018-20565 | 79 | | XSS | 2018-12-28 | 2019-01-04 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter. |
| 402 | CVE-2018-20564 | 79 | | XSS | 2018-12-28 | 2019-01-04 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter. |
| 403 | CVE-2018-20563 | 79 | | XSS | 2018-12-28 | 2019-01-04 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter. |
| 404 | CVE-2018-20562 | 79 | | XSS | 2018-12-28 | 2019-01-04 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter. |
| 405 | CVE-2018-20561 | 79 | | XSS | 2018-12-28 | 2019-01-04 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter. |
| 406 | CVE-2018-20560 | 79 | | XSS | 2018-12-28 | 2019-01-04 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter. |
| 407 | CVE-2018-20559 | 79 | | XSS | 2018-12-28 | 2019-01-04 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter. |
| 408 | CVE-2018-20558 | 79 | | XSS | 2018-12-28 | 2019-01-04 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter. |
| 409 | CVE-2018-20557 | 79 | | XSS | 2018-12-28 | 2019-01-04 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter. |
| 410 | CVE-2018-20530 | 79 | | XSS | 2018-12-28 | 2019-01-03 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896. |
| 411 | CVE-2018-20448 | 79 | | XSS | 2018-12-25 | 2019-01-03 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI. |
| 412 | CVE-2018-20418 | 79 | | XSS | 2018-12-23 | 2019-01-07 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab. |
| 413 | CVE-2018-20373 | 79 | | XSS | 2018-12-22 | 2019-01-14 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client. |
| 414 | CVE-2018-20372 | 79 | | XSS | 2018-12-22 | 2019-01-11 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client. |
| 415 | CVE-2018-20370 | 79 | | XSS | 2018-12-22 | 2019-01-09 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend. |
| 416 | CVE-2018-20368 | 79 | | XSS | 2018-12-22 | 2019-01-15 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback. |
| 417 | CVE-2018-20328 | 79 | | XSS | 2018-12-21 | 2019-01-07 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits. |
| 418 | CVE-2018-20327 | 79 | | XSS | 2018-12-21 | 2019-01-07 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits. |
| 419 | CVE-2018-20306 | 79 | | XSS | 2018-12-20 | 2019-01-08 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected releases are Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1. |
| 420 | CVE-2018-20244 | 79 | | XSS | 2019-02-27 | 2019-04-12 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
| 421 | CVE-2018-20239 | 79 | | XSS | 2019-04-30 | 2019-05-29 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3, Fisheye before version 4.7.0, Jira before version 7.13.3 and 8.x before 8.1.0. |
| 422 | CVE-2018-20217 | 20 | | | 2018-12-26 | 2019-04-16 | 3.5 | None | Remote | Medium | Single system | None | None | Partial | A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. |
| 423 | CVE-2018-20153 | 79 | | XSS | 2018-12-14 | 2019-01-04 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. |
| 424 | CVE-2018-20149 | 79 | | XSS Bypass | 2018-12-14 | 2019-01-04 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data. |
| 425 | CVE-2018-20138 | 79 | | XSS | 2018-12-13 | 2019-01-03 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via Account Settings fields such as FirstName and LastName, a similar issue to CVE-2018-14541. |
| 426 | CVE-2018-20137 | 79 | | XSS | 2018-12-13 | 2019-01-03 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI. |
| 427 | CVE-2018-20136 | 79 | | XSS | 2018-12-13 | 2019-01-03 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI. |
| 428 | CVE-2018-20017 | 79 | | XSS | 2018-12-10 | 2018-12-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI. |
| 429 | CVE-2018-20012 | 79 | | XSS | 2018-12-10 | 2018-12-31 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI. |
| 430 | CVE-2018-20011 | 79 | | XSS | 2018-12-10 | 2018-12-21 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field. |
| 431 | CVE-2018-20010 | 79 | | XSS | 2018-12-10 | 2018-12-21 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field. |
| 432 | CVE-2018-20009 | 79 | | XSS | 2018-12-10 | 2018-12-21 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field. |
| 433 | CVE-2018-19995 | 79 | | XSS | 2019-01-03 | 2019-01-07 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php. |
| 434 | CVE-2018-19992 | 79 | | XSS | 2019-01-03 | 2019-01-07 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php. |
| 435 | CVE-2018-19927 | 79 | | XSS | 2018-12-06 | 2019-01-02 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases. |
| 436 | CVE-2018-19919 | 79 | | XSS | 2018-12-06 | 2018-12-31 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element. |
| 437 | CVE-2018-19918 | 79 | | XSS | 2018-12-31 | 2019-01-10 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI. |
| 438 | CVE-2018-19915 | 79 | | XSS | 2018-12-06 | 2018-12-21 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field. |
| 439 | CVE-2018-19914 | 79 | | XSS | 2018-12-06 | 2018-12-21 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field. |
| 440 | CVE-2018-19913 | 79 | | XSS | 2018-12-06 | 2018-12-21 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field. |
| 441 | CVE-2018-19906 | 79 | | XSS | 2018-12-31 | 2019-01-10 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter. |
| 442 | CVE-2018-19905 | 79 | | XSS | 2018-12-31 | 2019-01-10 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter. |
| 443 | CVE-2018-19902 | 79 | | XSS | 2018-12-31 | 2019-01-10 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter. |
| 444 | CVE-2018-19901 | 79 | | XSS | 2018-12-31 | 2019-01-10 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter. |
| 445 | CVE-2018-19892 | 79 | | XSS | 2018-12-05 | 2018-12-21 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field. |
| 446 | CVE-2018-19849 | 79 | | XSS | 2018-12-04 | 2018-12-31 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter. |
| 447 | CVE-2018-19845 | 79 | | XSS | 2018-12-31 | 2019-01-10 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. |
| 448 | CVE-2018-19844 | 79 | | XSS | 2018-12-31 | 2019-01-10 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319. |
| 449 | CVE-2018-19752 | 79 | | XSS | 2018-11-29 | 2018-12-21 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar. |
| 450 | CVE-2018-19751 | 79 | | XSS | 2018-11-29 | 2018-12-21 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields. |
Total number of vulnerabilities : 4305 (this is page 9 of 87)