|
249291
|
9.8 |
CRITICAL
Network
|
cirt.net
|
nikto
|
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV r…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2018-11652
|
2024-11-21 12:43 |
2018-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249292
|
6.1 |
MEDIUM
Network
|
emssoftware
|
ems_master_calendar
|
Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2018-11628
|
2024-11-21 12:43 |
2018-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249293
|
6.1 |
MEDIUM
Network
|
multidots
|
advance_search_for_woocommerce
|
An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-a…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11486
|
2024-11-21 12:43 |
2018-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249294
|
6.1 |
MEDIUM
Network
|
multidots
|
woocommerce_quick_reports
|
The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admi…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11485
|
2024-11-21 12:43 |
2018-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249295
|
6.1 |
MEDIUM
Network
|
graylog
|
graylog
|
Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashb…
|
CWE-79
Cross-site Scripting
|
CVE-2018-11651
|
2024-11-21 12:43 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249296
|
6.1 |
MEDIUM
Network
|
graylog
|
graylog
|
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js.
|
CWE-79
Cross-site Scripting
|
CVE-2018-11650
|
2024-11-21 12:43 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249297
|
6.1 |
MEDIUM
Network
|
gethue
|
hue
|
Hue 3.12 has XSS via the /pig/save/ name and script parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2018-11649
|
2024-11-21 12:43 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249298
|
7.5 |
HIGH
Network
|
webkitgtk
|
webkitgtk\+
|
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unse…
|
NVD-CWE-noinfo
|
CVE-2018-11646
|
2024-11-21 12:43 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249299
|
5.3 |
MEDIUM
Network
|
artifex
|
ghostscript
|
psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a simi…
|
CWE-200
Information Exposure
|
CVE-2018-11645
|
2024-11-21 12:43 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249300
|
6.5 |
MEDIUM
Network
|
multidots
|
woo_checkout_for_digital_goods
|
An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishin…
|
CWE-352
Origin Validation Error
|
CVE-2018-11633
|
2024-11-21 12:43 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
