Skip to main content
CVE-2018-1000163 MEDIUM POC This Month

Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in javascript injections into the web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Floodlight
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-1000160 MEDIUM POC PATCH This Month

RisingStack protect version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in isXss() function in lib/rules/xss.js that can result in dangerous XSS strings being validated as. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Protect
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-8831 MEDIUM POC THREAT This Month

A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kodi
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
53.9%
CVE-2018-10110 MEDIUM POC This Month

D-Link DIR-615 T1 devices allow XSS via the Add User feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 615 T1 Firmware
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
3.5%
CVE-2018-7758 MEDIUM This Month

A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Denial Of Service Micom P141 Firmware Micom P142 Firmware Micom P143 Firmware +20
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-1325 MEDIUM PATCH This Month

In Apache wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Wicket Jquery Ui
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-1000162 MEDIUM PATCH This Month

Parsedown version prior to 1.7.0 contains a Cross Site Scripting (XSS) vulnerability in `setMarkupEscaped` for escaping HTML that can result in JavaScript code execution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Parsedown
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-9990 MEDIUM This Month

In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zulip Server
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-9987 MEDIUM This Month

In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zulip Server
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-9986 MEDIUM This Month

In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zulip Server
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-8071 MEDIUM PATCH This Month

Mautic before v2.13.0 has stored XSS via a theme config file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mautic
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-1000159 MEDIUM PATCH This Month

tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Tlslite Ng
NVD GitHub
CVSS 3.0
5.9
EPSS
0.8%
CVE-2018-1000161 MEDIUM This Month

nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nmap
NVD
CVSS 3.0
5.7
EPSS
1.0%
CVE-2018-9999 MEDIUM This Month

In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zulip Server
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-7244 MEDIUM This Month

An information disclosure vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure 66074 Mge Network Management Card Transverse
NVD
CVSS 3.0
5.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy