|
247361
|
6.1 |
MEDIUM
Network
|
opentsdb
|
opentsdb
|
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-13003
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247362
|
6.1 |
MEDIUM
Network
|
sandoba
|
cp\
|
An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the `admin.php` file of the `./cpshop/` module. Remote attackers are able to inject their own script codes to t…
|
CWE-79
Cross-site Scripting
|
CVE-2018-13001
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247363
|
7.5 |
HIGH
Network
|
zohocorp
|
manageengine_desktop_central
|
Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted …
|
CWE-20
Improper Input Validation
|
CVE-2018-12999
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247364
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_applications_manager
|
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12996
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247365
|
4.8 |
MEDIUM
Network
|
weblication
|
cms_core_\&_grid
|
An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the `wFilemanager.php` and `index.php` files of the `/grid5/scripts/` modules. …
|
CWE-79
Cross-site Scripting
|
CVE-2018-13002
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247366
|
4.8 |
MEDIUM
Network
|
anelectron
|
advanced_electron_forum
|
An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private mes…
|
CWE-79
Cross-site Scripting
|
CVE-2018-13000
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247367
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_netflow_analyzer
firewall_analyzer
manageengine_opmanager
manageengine_oputils
manageengine_network_configuration_manager
|
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUti…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12998
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247368
|
7.5 |
HIGH
Network
|
zohocorp
|
manageengine_netflow_analyzer
firewall_analyzer
manageengine_opmanager
manageengine_oputils
manageengine_network_configuration_manager
|
Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils …
|
CWE-200
Information Exposure
|
CVE-2018-12997
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247369
|
8.8 |
HIGH
Network
|
onefilecms
|
onefilecms
|
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen.
|
CWE-94
Code Injection
|
CVE-2018-12995
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247370
|
8.8 |
HIGH
Network
|
onefilecms
|
onefilecms
|
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen.
|
CWE-94
Code Injection
|
CVE-2018-12994
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
