Skip to main content
CVE-2018-17884 MEDIUM POC This Month

XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Gwolle Guestbook
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-17593 MEDIUM POC This Month

AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Air 5453 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-17591 MEDIUM POC This Month

AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Air 5343V2 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-17590 MEDIUM POC This Month

AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Air 5442 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-17589 MEDIUM POC This Month

AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Air 5650 Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-17588 MEDIUM POC This Month

AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Air 5021 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-17587 MEDIUM POC This Month

AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Air 5750 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-9499 MEDIUM POC PATCH This Month

In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-17886 MEDIUM POC This Month

An issue was discovered in JEESNS 1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Jeesns
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-9510 MEDIUM PATCH This Month

In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-9509 MEDIUM PATCH This Month

In smp_proc_master_id of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-9508 MEDIUM PATCH This Month

In smp_process_keypress_notification of smp_act.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-9507 MEDIUM PATCH This Month

In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-9506 MEDIUM PATCH This Month

In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bound read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-9505 MEDIUM PATCH This Month

In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-9502 MEDIUM PATCH This Month

In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out-of-bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-11750 MEDIUM This Month

Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Ios Module
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-17596 MEDIUM This Month

In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Assetexplorer
NVD
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-17595 MEDIUM This Month

In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fork Cms
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-17594 MEDIUM This Month

AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Air 5443V2 Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-15563 MEDIUM This Month

_core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Subrion
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-9069 MEDIUM This Month

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure Lenovo 310S 14Isk Firmware 320 15Ikbra Firmware +66
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2018-9511 MEDIUM PATCH This Month

In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible failure to initialize a security feature due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-9493 MEDIUM PATCH This Month

In the content provider of the download manager, there is a possible SQL injection due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

SQLi Information Disclosure Google Android
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-9452 MEDIUM PATCH This Month

In getOffsetForHorizontal of Layout.java, there is a possible application hang due to a slow width calculation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-11752 MEDIUM This Month

Previous releases of the Puppet cisco_ios module output SSH session debug information including login credentials to a world readable file on every run. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Ios
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2018-1692 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1691 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1605 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1601 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1558 MEDIUM PATCH This Month

IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Collaborative Lifecycle Management Rational Doors Next Generation Rational Engineering Lifecycle Manager +4
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1557 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1522 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1440 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1439 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1405 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1404 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1403 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1395 MEDIUM PATCH This Month

IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1593 MEDIUM This Month

IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized user to manipulate data due to missing file checksums. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Multi Cloud Data Encryption
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2018-16984 MEDIUM PATCH This Month

An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Python Django
NVD
CVSS 3.0
4.9
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy