Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9999 | 1 Zulip | 1 Zulip Server | 2018-05-17 | 3.5 LOW | 5.4 MEDIUM |
| In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend. | |||||
| CVE-2018-9986 | 1 Zulip | 1 Zulip Server | 2018-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor. | |||||
| CVE-2018-8772 | 1 Coship | 2 Rt3052, Rt3052 Firmware | 2018-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID field on the "Wireless Setting - Basic" screen. | |||||
| CVE-2018-10318 | 1 Frogcms Project | 1 Frogcms | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata. | |||||
| CVE-2018-10321 | 1 Frogcms Project | 1 Frogcms | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings. | |||||
| CVE-2018-10320 | 1 Frogcms Project | 1 Frogcms | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout. | |||||
| CVE-2018-10319 | 1 Frogcms Project | 1 Frogcms | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet. | |||||
| CVE-2017-1790 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1, 5.0.2, and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137035. | |||||
| CVE-2018-7660 | 1 Opentext | 1 Documentum D2 | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Reflected Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via the servlet/Download _docbase or _username parameter. | |||||
| CVE-2018-7659 | 1 Opentext | 1 Documentum D2 | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file. | |||||
| CVE-2018-6935 | 1 Student Profile Management System Script Project | 1 Student Profile Management System Script | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Student Profile Management System Script v2.0.6 has XSS via the Name field to list_student.php. | |||||
| CVE-2018-6904 | 1 Car Rental Script Project | 1 Car Rental Script | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action. | |||||
| CVE-2018-9330 | 1 Coremail | 1 Coremail Xt | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by the third form field to a URI under register/, a different vulnerability than CVE-2015-6942. | |||||
| CVE-2018-10026 | 1 Yzmcms | 1 Yzmcms | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php. | |||||
| CVE-2018-5227 | 1 Atlassian | 1 Application Links | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link. | |||||
| CVE-2018-9155 | 1 Open-audit | 1 Open-audit | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section (via the "Name (display)" field to the attributes/create URI). | |||||
| CVE-2018-10109 | 1 Monstra | 1 Monstra | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog. | |||||
| CVE-2018-6958 | 1 Vmware | 1 Vrealize Automation | 2018-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation. | |||||
| CVE-2018-10121 | 1 Monstra | 1 Monstra | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php?id=pages&action=edit_page&name=error404 (aka Edit 404 page) action. | |||||
| CVE-2015-4557 | 1 Nextendweb | 1 Nextend Twitter Connect | 2018-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the new_Twitter_sign_button function in nextend-Twitter-connect.php in the Nextend Twitter Connect plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter. NOTE: this may overlap CVE-2015-4413. | |||||
| CVE-2018-10000 | 1 Videodownloaderultimate | 1 Video Downloader | 2018-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Video Downloader professional extension before 2018-04-05 for Chrome has Universal XSS (UXSS) via vectors related to a link64_msgAddLinks event. | |||||
| CVE-2018-9993 | 1 Yunucms | 1 Yunucms | 2018-05-16 | 3.5 LOW | 4.8 MEDIUM |
| YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page). | |||||
| CVE-2018-6182 | 1 Mahara | 1 Mahara | 2018-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. Therefore, Mahara should not rely on TinyMCE's code stripping alone but also clean input on the server / PHP side as one can create own packets of POST data containing bad content with which to hit the server. | |||||
| CVE-2017-9838 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters). | |||||
| CVE-2017-18259 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0. | |||||
| CVE-2018-10068 | 1 Jdownloads | 1 Jdownloads | 2018-05-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The jDownloads extension before 3.2.59 for Joomla! has XSS. | |||||
| CVE-2018-9864 | 1 Wp-livechat | 1 Wp Live Chat Support | 2018-05-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field. | |||||
| CVE-2018-9985 | 1 Metinfo | 1 Metinfo | 2018-05-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator. | |||||
| CVE-2018-1000144 | 1 Jenkins | 1 Cucumber Living Documentation | 2018-05-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these files to attack Jenkins users. | |||||
| CVE-2017-18100 | 1 Atlassian | 1 Jira | 2018-05-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters. | |||||
| CVE-2017-0365 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2018-05-14 | 2.6 LOW | 4.7 MEDIUM |
| Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations. | |||||
| CVE-2018-10073 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2018-05-14 | 3.5 LOW | 4.8 MEDIUM |
| joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword parameter. | |||||
| CVE-2018-10128 | 1 Xyhcms Project | 1 Xyhcms | 2018-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php. | |||||
| CVE-2018-9844 | 1 Iptanus | 1 Wordpress File Upload | 2018-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS. | |||||
| CVE-2018-10096 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2018-05-11 | 3.5 LOW | 4.8 MEDIUM |
| joyplus-cms 1.6.0 has XSS via the device_name parameter in a manager/admin_ajax.php?action=save flag=add request. | |||||
| CVE-2014-6169 | 1 Ibm | 1 Forms Experience Builder | 2018-05-11 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777. | |||||
| CVE-2018-6902 | 1 Image Sharing Script Project | 1 Image Sharing Script | 2018-05-11 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action. | |||||
| CVE-2018-6870 | 1 Website Seller Script Project | 1 Website Seller Script | 2018-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature. | |||||
| CVE-2018-9992 | 1 Frog Cms Project | 1 Frog Cms | 2018-05-11 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen. | |||||
| CVE-2018-6900 | 1 Website Broker Script Project | 1 Website Broker Script | 2018-05-11 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page. | |||||
| CVE-2018-9991 | 1 Frog Cms Project | 1 Frog Cms | 2018-05-11 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter. | |||||
| CVE-2018-9928 | 1 Metinfo | 1 Metinfo | 2018-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter. | |||||
| CVE-2018-1000154 | 1 Zammad | 1 Zammad | 2018-05-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zammad GmbH Zammad version 2.3.0 and earlier contains an Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails, which are not HTML-quoted in certain cases. This can result in the embedding and execution of JavaScript code in the user's browser. This attack appears to be exploitable via the victim opening a ticket. This vulnerability appears to have been fixed in 2.3.1, 2.2.2 and 2.1.3. | |||||
| CVE-2018-9172 | 1 Iptanus | 1 Wordpress File Upload | 2018-05-10 | 3.5 LOW | 5.4 MEDIUM |
| The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes. | |||||
| CVE-2018-10051 | 1 Iscripts | 1 Supportdesk | 2018-05-09 | 3.5 LOW | 5.4 MEDIUM |
| iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter. | |||||
| CVE-2018-10052 | 1 Iscripts | 1 Supportdesk | 2018-05-09 | 3.5 LOW | 4.8 MEDIUM |
| iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter. | |||||
| CVE-2018-9857 | 1 Match Clone Script Project | 1 Match Clone Script | 2018-05-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen). | |||||
| CVE-2018-10049 | 1 Iscripts | 1 Eswap | 2018-05-09 | 3.5 LOW | 4.8 MEDIUM |
| iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel. | |||||
| CVE-2018-9328 | 1 Redbus Clone Script Project | 1 Redbus Clone Script | 2018-05-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from or tag parameter to results.php. | |||||
| CVE-2018-7035 | 1 Gleezcms | 1 Gleez Cms | 2018-05-09 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action. | |||||
