Skip to main content
CVE-2018-9328 MEDIUM POC This Month

PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from or tag parameter to results.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Redbus Clone Script
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-9244 MEDIUM POC This Month

GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-9243 MEDIUM POC This Month

GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-4863 MEDIUM POC This Month

Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Sophos Authentication Bypass Endpoint Protection
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-7035 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gleez Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1000143 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Github Pull Request Builder
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-1096 MEDIUM This Month

An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Foreman Satellite
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-1000148 MEDIUM This Month

An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Copy To Slave
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000147 MEDIUM This Month

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Perforce
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-1000145 MEDIUM This Month

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Perforce
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-1000152 MEDIUM PATCH This Month

An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java,. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins Denial Of Service Vsphere
NVD
CVSS 3.0
6.3
EPSS
0.7%
CVE-2018-1000154 MEDIUM This Month

Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails which are not html quoted in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS Zammad
NVD GitHub
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-1000144 MEDIUM PATCH This Month

A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Cucumber Living Documentation
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1000151 MEDIUM PATCH This Month

A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Vsphere
NVD
CVSS 3.0
5.6
EPSS
0.4%
CVE-2018-1000149 MEDIUM PATCH This Month

A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 and older in AbstractAnsibleInvocation.java, AnsibleAdHocCommandBuilder.java, AnsibleAdHocCommandInvocationTest.java,. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Ansible
NVD
CVSS 3.0
5.6
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy