CVE-2018-10321 — Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings.
Published: April 24, 2018; 02:29:00 AM -04:00

V3: 4.8 MEDIUM
V2: 3.5 LOW

CVE-2018-10320 — Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout.
Published: April 23, 2018; 10:29:00 PM -04:00

V3: 4.8 MEDIUM
V2: 3.5 LOW

CVE-2018-10319 — Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet.
Published: April 23, 2018; 10:29:00 PM -04:00

V3: 4.8 MEDIUM
V2: 3.5 LOW

CVE-2018-10318 — Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata.
Published: April 23, 2018; 10:29:00 PM -04:00

V3: 4.8 MEDIUM
V2: 3.5 LOW

CVE-2017-1786 — IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975.
Published: April 23, 2018; 09:29:00 AM -04:00

V3: 5.3 MEDIUM
V2: 3.5 LOW

CVE-2017-1764 — IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149.
Published: April 23, 2018; 09:29:00 AM -04:00

V3: 7.0 HIGH
V2: 1.9 LOW

CVE-2017-1486 — IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading t... read CVE-2017-1486
Published: April 23, 2018; 09:29:00 AM -04:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-10298 — Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.
Published: April 22, 2018; 11:29:00 AM -04:00

V3: 5.4 MEDIUM
V2: 3.5 LOW

CVE-2018-10297 — Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images.
Published: April 22, 2018; 11:29:00 AM -04:00

V3: 5.4 MEDIUM
V2: 3.5 LOW

CVE-2018-10254 — Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a craft... read CVE-2018-10254
Published: April 21, 2018; 12:29:00 PM -04:00

V3: 7.8 HIGH
V2: 6.8 MEDIUM

CVE-2018-10078 — Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description.
Published: April 20, 2018; 05:29:00 PM -04:00

V3: 4.8 MEDIUM
V2: 3.5 LOW

CVE-2018-10077 — XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data.
Published: April 20, 2018; 05:29:00 PM -04:00

V3: 4.9 MEDIUM
V2: 4.0 MEDIUM

CVE-2014-0883 — Cross-site scripting (XSS) vulnerability in IBM Power Hardware Management Console (HMC) 7R7.1.0, 7R7.2.0, 7R7.3.0 through 7R7.3.5, 7R7.7.0 through SP3, and 7R7.8.0 before SP1 allows remote attackers to inject arbitrary web script or HTML via the user... read CVE-2014-0883
Published: April 20, 2018; 05:29:00 PM -04:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-10250 — iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search.
Published: April 20, 2018; 02:29:00 PM -04:00

V3: 5.4 MEDIUM
V2: 3.5 LOW

CVE-2018-10248 — An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete.
Published: April 20, 2018; 01:29:00 PM -04:00

V3: 6.5 MEDIUM
V2: 5.8 MEDIUM

CVE-2018-10245 — A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl f... read CVE-2018-10245
Published: April 20, 2018; 01:29:00 PM -04:00

V3: 5.3 MEDIUM
V2: 5.0 MEDIUM

CVE-2018-0242 — A vulnerability in the WebVPN web-based management interface of Cisco Adaptive Security Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of a... read CVE-2018-0242
Published: April 19, 2018; 04:29:00 PM -04:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-10230 — Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455.
Published: April 19, 2018; 12:29:00 PM -04:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-10188 — phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
Published: April 19, 2018; 10:29:00 AM -04:00

V3: 8.8 HIGH
V2: 6.8 MEDIUM

CVE-2018-1146 — A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. When enabled the telnet session requires no password and provides root access.
Published: April 19, 2018; 09:29:00 AM -04:00

V3: 7.5 HIGH
V2: 5.0 MEDIUM