Skip to main content
CVE-2018-17960 MEDIUM POC PATCH This Month

CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ckeditor
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2018-15714 MEDIUM POC This Month

Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nagios Xi
NVD
CVSS 3.0
6.1
EPSS
3.8%
CVE-2018-15712 MEDIUM POC THREAT This Month

Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nagios Xi
NVD
CVSS 3.0
6.1
EPSS
48.6%
CVE-2018-19190 MEDIUM POC This Month

The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php error_msg parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Payfort Php Sdk
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-19189 MEDIUM POC This Month

The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in an error.php echo statement. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Payfort Php Sdk
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-19188 MEDIUM POC This Month

The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the success.php fort_id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Payfort Php Sdk
NVD GitHub
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-19187 MEDIUM POC This Month

The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Payfort Php Sdk
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-19186 MEDIUM POC This Month

The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Payfort Php Sdk
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-15713 MEDIUM POC This Month

Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nagios Xi
NVD
CVSS 3.0
5.4
EPSS
7.2%
CVE-2018-9347 MEDIUM PATCH This Month

In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-6080 MEDIUM This Month

Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-6079 MEDIUM This Month

Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-6077 MEDIUM This Month

Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-6075 MEDIUM This Month

Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Linux Desktop Linux Server +2
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-6069 MEDIUM This Month

Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Chrome Linux Desktop +3
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-6066 MEDIUM This Month

Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Linux Desktop Linux Server +2
NVD
CVSS 3.0
6.5
EPSS
2.8%
CVE-2018-17468 MEDIUM This Month

Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-3621 MEDIUM This Month

Insufficient input validation in the Intel Driver & Support Assistant before 3.6.0.4 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Driver Support Assistant
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-8579 MEDIUM PATCH This Month

An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Office Office 365 Proplus
NVD
CVSS 3.0
6.5
EPSS
6.3%
CVE-2018-8558 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center, aka "Microsoft Outlook. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Office Office 365 Proplus
NVD
CVSS 3.0
6.5
EPSS
5.6%
CVE-2018-8416 MEDIUM PATCH This Month

A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Asp Net Core
NVD
CVSS 3.0
6.5
EPSS
7.3%
CVE-2018-8592 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc, aka "Windows Elevation Of Privilege Vulnerability." This affects Windows. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.

Microsoft Information Disclosure Windows 10 Windows Server 2019
NVD
CVSS 3.0
6.4
EPSS
1.2%
CVE-2018-19280 MEDIUM PATCH This Month

Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Centreon
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-6081 MEDIUM This Month

XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Linux Desktop Linux Server +2
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-6076 MEDIUM This Month

Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Linux Desktop Linux Server +2
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-6070 MEDIUM This Month

Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-3699 MEDIUM This Month

Cross-site scripting in the Intel RAID Web Console v3 for Windows may allow an unauthenticated user to elevate privilege via remote access. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Microsoft XSS Raid Web Console 3
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-8600 MEDIUM PATCH This Month

A Cross-site Scripting (XSS) vulnerability exists when Azure App Services on Azure Stack does not properly sanitize user provided input, aka "Azure App Service Cross-site Scripting Vulnerability.". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft XSS Azure App Service On Azure Stack
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2018-8546 MEDIUM PATCH This Month

A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Microsoft Denial Of Service Lync Lync Basic Office +3
NVD
CVSS 3.0
5.9
EPSS
5.5%
CVE-2018-9544 MEDIUM PATCH This Month

In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-9543 MEDIUM PATCH This Month

In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-9457 MEDIUM PATCH This Month

In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-3696 MEDIUM This Month

Authentication bypass in the Intel RAID Web Console 3 for Windows before 4.186 may allow an unprivileged user to potentially gain administrative privileges via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Intel Raid Web Console 3
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-8565 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka "Win32k Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
3.2%
CVE-2018-8563 MEDIUM PATCH This Month

An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 7 Windows 8 1 Windows Rt 8 1 +2
NVD
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-8549 MEDIUM PATCH This Month

A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-8454 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Windows Audio Service fails to properly handle objects in memory, aka "Windows Audio Service Information Disclosure Vulnerability." This affects. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.0
5.5
EPSS
3.3%
CVE-2018-8408 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-8407 MEDIUM PATCH This Month

An information disclosure vulnerability exists when "Kernel Remote Procedure Call Provider" driver improperly initializes objects in memory, aka "MSRPC Information Disclosure Vulnerability." This. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-8608 MEDIUM PATCH This Month

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Dynamics 365
NVD
CVSS 3.0
5.4
EPSS
1.4%
CVE-2018-8607 MEDIUM PATCH This Month

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Dynamics 365
NVD
CVSS 3.0
5.4
EPSS
1.4%
CVE-2018-8606 MEDIUM PATCH This Month

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Dynamics 365
NVD
CVSS 3.0
5.4
EPSS
1.4%
CVE-2018-8605 MEDIUM PATCH This Month

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Dynamics 365
NVD
CVSS 3.0
5.4
EPSS
1.4%
CVE-2018-8602 MEDIUM PATCH This Month

A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Team Foundation Server
NVD
CVSS 3.0
5.4
EPSS
1.5%
CVE-2018-8572 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.0
5.4
EPSS
1.6%
CVE-2018-8568 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
2.2%
CVE-2018-8567 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Microsoft Edge
NVD
CVSS 3.0
5.4
EPSS
3.1%
CVE-2018-8547 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.0
5.4
EPSS
1.6%
CVE-2018-8417 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard, aka "Microsoft JScript Security Feature Bypass Vulnerability." This affects. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.0
5.3
EPSS
2.0%
CVE-2018-6082 MEDIUM This Month

Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
4.7
EPSS
1.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy