|
246221
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14606
|
2024-11-21 12:49 |
2018-07-27 |
|
246222
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14605
|
2024-11-21 12:49 |
2018-07-27 |
|
246223
|
6.1 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14604
|
2024-11-21 12:49 |
2018-07-27 |
|
246224
|
8.8 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.
|
CWE-352
Origin Validation Error
|
CVE-2018-14603
|
2024-11-21 12:49 |
2018-07-27 |
|
246225
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics featu…
|
CWE-200
Information Exposure
|
CVE-2018-14602
|
2024-11-21 12:49 |
2018-07-27 |
|
246226
|
7.5 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow.
|
NVD-CWE-noinfo
|
CVE-2018-14601
|
2024-11-21 12:49 |
2018-07-27 |
|
246227
|
7.5 |
HIGH
Network
|
thomsonreuters
|
ultratax_cs
|
Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly acc…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2018-14608
|
2024-11-21 12:49 |
2018-07-27 |
|
246228
|
7.5 |
HIGH
Network
|
thomsonreuters
|
ultratax_cs_2017
|
Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensit…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2018-14607
|
2024-11-21 12:49 |
2018-07-27 |
|
246229
|
6.1 |
MEDIUM
Network
|
opmantek
|
open-audit
|
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14493
|
2024-11-21 12:49 |
2018-07-26 |
|
246230
|
6.1 |
MEDIUM
Network
|
mondula
|
multi_step_form
|
The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable w…
|
CWE-79
Cross-site Scripting
|
CVE-2018-14430
|
2024-11-21 12:49 |
2018-07-26 |