Search
Total
13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7196 | 1 Osticket | 1 Osticket | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. | |||||
| CVE-2018-7193 | 1 Osticket | 1 Osticket | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter. | |||||
| CVE-2018-7192 | 1 Osticket | 1 Osticket | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. | |||||
| CVE-2018-9925 | 1 Icmsdev | 1 Icms | 2018-04-17 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request. | |||||
| CVE-2018-8832 | 1 Enhavo | 1 Enhavo | 2018-04-17 | 3.5 LOW | 4.8 MEDIUM |
| enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page. | |||||
| CVE-2018-5233 | 1 Getgrav | 1 Grav Cms | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools. | |||||
| CVE-2018-0538 | 1 Qqq Systems Project | 1 Qqq Systems | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0534 | 1 Arsenol Project | 1 Arsenol | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-10033 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-04-13 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter. | |||||
| CVE-2018-10029 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-04-13 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799. | |||||
| CVE-2018-10032 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-04-13 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter. | |||||
| CVE-2018-8737 | 1 Bylancer | 1 Bookme | 2018-04-13 | 3.5 LOW | 5.4 MEDIUM |
| Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers "Book Me" function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's browser. | |||||
| CVE-2018-8948 | 1 Misp-project | 1 Misp | 2018-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module. | |||||
| CVE-2018-0535 | 1 Php 2chbbs Project | 1 Php 2chbbs | 2018-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-8805 | 1 Yxcms | 1 Yxcms | 2018-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extend_guestbook.php or protected\apps\default\view\mobile\extend_guestbook.php in an index.php?r=default/column/index&col=guestbook request. | |||||
| CVE-2018-8815 | 1 Alkacon | 1 Opencms | 2018-04-13 | 3.5 LOW | 4.6 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image. | |||||
| CVE-2014-1665 | 1 Owncloud | 1 Owncloud | 2018-04-13 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file. | |||||
| CVE-2018-8767 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2018-04-13 | 3.5 LOW | 4.8 MEDIUM |
| joyplus-cms 1.6.0 has XSS in manager/admin_ajax.php?action=save&tab={pre}vod_type via the t_name parameter. | |||||
| CVE-2018-1000139 | 1 I-librarian | 1 I Librarian | 2018-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in "id" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user. | |||||
| CVE-2017-17958 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2018-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter. | |||||
| CVE-2017-17954 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2018-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter. | |||||
| CVE-2017-17955 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2018-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter. | |||||
| CVE-2017-17956 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2018-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter. | |||||
| CVE-2017-17953 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2018-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. | |||||
| CVE-2017-17949 | 1 Cells | 1 Blog | 2018-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. | |||||
| CVE-2017-17948 | 1 Cells | 1 Blog | 2018-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request. | |||||
| CVE-2018-0536 | 1 Qqq Systems Project | 1 Qqq Systems | 2018-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz.cgi. | |||||
| CVE-2018-0537 | 1 Qqq Systems Project | 1 Qqq Systems | 2018-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz_op.cgi. | |||||
| CVE-2015-7458 | 1 Ibm | 1 Connections | 2018-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108354. | |||||
| CVE-2015-7460 | 1 Ibm | 1 Connections | 2018-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356. | |||||
| CVE-2015-7459 | 1 Ibm | 1 Connections | 2018-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108355. | |||||
| CVE-2018-8732 | 1 Wampserver | 1 Wampserver | 2018-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter. | |||||
| CVE-2018-6842 | 1 Kentico | 1 Kentico Cms | 2018-04-12 | 3.5 LOW | 5.4 MEDIUM |
| Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page. | |||||
| CVE-2017-17442 | 1 Blackberry | 1 Unified Endpoint Manager | 2018-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link. | |||||
| CVE-2018-7563 | 1 Glpi-project | 1 Glpi | 2018-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execute JavaScript code supplied by the attacker. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes. | |||||
| CVE-2018-8728 | 1 Kontena | 1 Kontena | 2018-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| server/app/views/static/code.html in Kontena before 1.5.0 allows XSS in "kontena master login --remote" code display, as demonstrated by /code#code= in a URI. | |||||
| CVE-2018-1000088 | 1 Doorkeeper Project | 1 Doorkeeper | 2018-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be exploitable via The victim must be tricked to click an opaque link to the web view that runs the XSS payload. A malicious version virtually indistinguishable from a normal link.. This vulnerability appears to have been fixed in 4.2.6, 4.3.0. | |||||
| CVE-2018-1000087 | 1 Wolfcms | 1 Wolf Cms | 2018-04-10 | 3.5 LOW | 4.8 MEDIUM |
| WolfCMS version version 0.8.3.1 contains a Reflected Cross Site Scripting vulnerability in "Create New File" and "Create New Directory" input box from 'files' Tab that can result in Session Hijacking, Spread Worms,Control the browser remotely. . This attack appear to be exploitable via Attacker can execute the JavaScript into the "Create New File" and "Create New Directory" input box from 'files'. | |||||
| CVE-2018-8720 | 1 Servicenow | 1 It Service Management | 2018-04-10 | 3.5 LOW | 5.4 MEDIUM |
| ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name field of My Profile (aka navpage.do), or the Search bar of My Portal (aka search_results.do). | |||||
| CVE-2017-12590 | 1 Asus | 2 Rt-n14uhp, Rt-n14uhp Firmware | 2018-04-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the "flag" parameter. | |||||
| CVE-2015-7471 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2018-04-10 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote authenticated users with project administrator privileges to inject arbitrary web script or HTML via a crafted project. IBM X-Force ID: 108429. | |||||
| CVE-2015-7453 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2018-04-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108296. | |||||
| CVE-2018-7405 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2018-04-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-10716 | 1 Mail.ru | 1 Calendar | 2018-04-09 | 3.5 LOW | 5.4 MEDIUM |
| The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspa#period/month URI. | |||||
| CVE-2018-8108 | 1 Bui Project | 1 Bui | 2018-04-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| The select component in bui through 2018-03-13 has XSS because it performs an escape operation on already-escaped text, as demonstrated by workGroupList text. | |||||
| CVE-2016-10715 | 1 Artezio | 1 Kanban Board | 2018-04-09 | 3.5 LOW | 5.4 MEDIUM |
| The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira has XSS via the Board Name in a Create New Board action, related to an artezioboard/mainPage.jspa?kanbanId=7#/kanban-view URI. | |||||
| CVE-2016-0261 | 1 Ibm | 2 Care Management, Curam Social Program Management | 2018-04-09 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110604. | |||||
| CVE-2014-4612 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2018-04-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the keywords manager (keywordmgr.php) in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-0223 | 1 Ibm | 1 Forms Server | 2018-04-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006. | |||||
| CVE-2017-18228 | 1 Bmc | 1 Remedy Action Request System | 2018-04-09 | 3.5 LOW | 5.4 MEDIUM |
| Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request. | |||||