CVE-2018-12672 CVSS:0.0
The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was implemented, this vulnerability could be leveraged to perform actions on behalf of another user or the administrator. (Last Update:2018-10-19) (Publish Update:2018-10-19)
CVE-2018-15312 CVSS:0.0
On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an authenticated user to execute JavaScript for the currently logged-in user. (Last Update:2018-10-19) (Publish Update:2018-10-19)
CVE-2018-15313 CVSS:0.0
On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. (Last Update:2018-10-19) (Publish Update:2018-10-19)
CVE-2018-15314 CVSS:0.0
On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. (Last Update:2018-10-19) (Publish Update:2018-10-19)
CVE-2018-15315 CVSS:0.0
On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected Cross Site Scripting (XSS) vulnerability in an undisclosed Configuration Utility page. (Last Update:2018-10-19) (Publish Update:2018-10-19)
CVE-2018-18416 CVSS:0.0
LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI. (Last Update:2018-10-19) (Publish Update:2018-10-19)
CVE-2018-18417 CVSS:0.0
In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI. (Last Update:2018-10-19) (Publish Update:2018-10-19)
CVE-2018-18419 CVSS:0.0
Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI. (Last Update:2018-10-19) (Publish Update:2018-10-19)
CVE-2018-18420 CVSS:0.0
Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. (Last Update:2018-10-19) (Publish Update:2018-10-19)
CVE-2018-18527 CVSS:0.0
OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter. (Last Update:2018-10-19) (Publish Update:2018-10-19)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com