| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side). |
| mao10cms 6 allows XSS via the article page. |
| mao10cms 6 allows XSS via the m=bbs&a=index page. |
| The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not perform proper validation on user-supplied input and is vulnerable to cross-site scripting attacks. If proper authorization was implemented, this vulnerability could be leveraged to perform actions on behalf of another user or the administrator. |
| SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password. |
| Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI. |
| Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI. |
| Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI. |
| Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242. |
| Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI. |
| An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app. |
| An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter. |
| An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter. |
| An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter. |
| An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parameter. |
| An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter. |
| An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter. |
| OX App Suite 7.8.4 and earlier allows Directory Traversal. |
| An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding. |
| An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature. |
