Total
338 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19951 | 1 Qnap | 2 Music Station, Qts | 2024-11-21 | 6.1 Medium |
| If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. | ||||
| CVE-2018-19942 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 (and later) QTS 4.5.1.1456 build 20201015 (and later) QTS 4.3.6.1446 build 20200929 (and later) QTS 4.3.4.1463 build 20201006 (and later) QTS 4.3.3.1432 build 20201006 (and later) QTS 4.2.6 build 20210327 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.4.1601 build 20210309 (and later) QuTScloud c4.5.3.1454 build 20201013 (and later) | ||||
| CVE-2018-16555 | 1 Siemens | 8 Scalance S602, Scalance S602 Firmware, Scalance S612 and 5 more | 2024-11-21 | N/A |
| A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. | ||||
| CVE-2017-20140 | 1 Ambit | 1 Movie Portal Script | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in Itech Movie Portal Script 7.36. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /movie.php. The manipulation of the argument f with the input <img src=i onerror=prompt(1)> leads to basic cross site scripting (Reflected). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20122 | 1 Bitrix24 | 1 Bitrix Site Manager | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the argument text with the input <img src="http://1"; on onerror="$(’p').text(’Hacked’)" /> leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20118 | 1 Trueconf | 1 Server | 2024-11-21 | 3.5 Low |
| A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20117 | 1 Trueconf | 1 Server | 2024-11-21 | 3.5 Low |
| A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20116 | 1 Trueconf | 1 Server | 2024-11-21 | 3.5 Low |
| A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20115 | 1 Trueconf | 1 Server | 2024-11-21 | 3.5 Low |
| A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (Reflected). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20114 | 1 Trueconf | 1 Server | 2024-11-21 | 3.5 Low |
| A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20113 | 1 Trueconf | 1 Server | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20108 | 1 Easy Table Project | 1 Easy Table | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic has been found in Easy Table Plugin 1.6. This affects an unknown part of the file /wordpress/wp-admin/options-general.php. The manipulation with the input "><script>alert(1)</script> leads to basic cross site scripting. It is possible to initiate the attack remotely. | ||||
| CVE-2017-20100 | 1 Air Transfer Project | 1 Air Transfer | 2024-11-21 | 3.5 Low |
| A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-20098 | 1 Weblizar | 1 Admin Custom Login | 2024-11-21 | 3.5 Low |
| A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. | ||||
| CVE-2017-20097 | 1 Wp-filebase Download Manager Project | 1 Wp-filebase Download Manager | 2024-11-21 | 3.5 Low |
| A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. | ||||
| CVE-2017-20096 | 1 Wp-spamfree Anti-spam Project | 1 Wp-spamfree Anti-spam | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic has been found in WP-SpamFree Anti-Spam Plugin 2.1.1.4. This affects an unknown part. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. | ||||
| CVE-2017-20094 | 1 Newstatpress Project | 1 Newstatpress | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in NewStatPress Plugin 1.2.4. This issue affects some unknown processing. The manipulation leads to basic cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 1.2.5 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2017-20092 | 1 Yoast | 1 Google Analytics Dashboard | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic was found in Google Analytics Dashboard Plugin 2.1.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely. | ||||
| CVE-2017-20089 | 1 Gwolle Guestbook Project | 1 Gwolle Guestbook | 2024-11-21 | 3.5 Low |
| A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. | ||||
| CVE-2017-20087 | 1 Thealpinepress | 1 Alpine-photo-tile-for-instagram | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in Alpine PhotoTile for Instagram Plugin 1.2.7.7. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. | ||||