|
247181
|
5.4 |
MEDIUM
Network
|
m-server_project
|
m-server
|
A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16484
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247182
|
8.8 |
HIGH
Network
|
express-cart_project
|
express-cart
|
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2018-16483
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247183
|
7.5 |
HIGH
Network
|
mcstatic_project
|
mcstatic
|
A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL pat…
|
CWE-22
Path Traversal
|
CVE-2018-16482
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247184
|
6.1 |
MEDIUM
Network
|
html-pages_project
|
html-pages
|
A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16481
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247185
|
6.1 |
MEDIUM
Network
|
public_project
|
public
|
A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16480
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247186
|
7.5 |
HIGH
Network
|
http-live-simulator_project
|
http-live-simulator
|
Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL.
|
CWE-22
Path Traversal
|
CVE-2018-16479
|
2024-11-21 12:52 |
2019-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247187
|
7.8 |
HIGH
Local
|
lenovo
|
synaptics_thinkpad_ultranav_driver
thinkpad_helix_firmware
thiankpad_l430_firmware
thiankpad_l530_firmware
thiankpad_p1_firmware
thiankpad_x1_extreme_firmware
thiankpad_p50s_firmwar…
|
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege …
|
CWE-428
Unquoted Search Path or Element
|
CVE-2018-16098
|
2024-11-21 12:52 |
2019-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247188
|
6.1 |
MEDIUM
Network
|
ohtanz
|
spam-byebye
|
Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16206
|
2024-11-21 12:52 |
2019-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247189
|
5.4 |
MEDIUM
Network
|
weseek
|
growi
|
Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via New Page modal.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16205
|
2024-11-21 12:52 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247190
|
4.8 |
MEDIUM
Network
|
google_xml_sitemaps_project
|
google_xml_sitemaps
|
Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16204
|
2024-11-21 12:52 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
