Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5364 | 1 Wpglobus | 1 Wpglobus | 2018-01-23 | 3.5 LOW | 4.8 MEDIUM |
| The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[browser_redirect][redirect_by_language] parameter to wp-admin/options.php. | |||||
| CVE-2018-5365 | 1 Wpglobus | 1 Wpglobus | 2018-01-23 | 3.5 LOW | 4.8 MEDIUM |
| The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[selector_wp_list_pages][show_selector] parameter to wp-admin/options.php. | |||||
| CVE-2018-5363 | 1 Wpglobus | 1 Wpglobus | 2018-01-23 | 3.5 LOW | 4.8 MEDIUM |
| The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[enabled_languages][en] or wpglobus_option[enabled_languages][fr] (or any other language) parameter to wp-admin/options.php. | |||||
| CVE-2018-5362 | 1 Wpglobus | 1 Wpglobus | 2018-01-23 | 3.5 LOW | 4.8 MEDIUM |
| The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][page] parameter to wp-admin/options.php. | |||||
| CVE-2018-5367 | 1 Wpglobus | 1 Wpglobus | 2018-01-23 | 3.5 LOW | 4.8 MEDIUM |
| The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][post] parameter to wp-admin/options.php. | |||||
| CVE-2018-5668 | 1 Read And Understood Project | 1 Read And Understood | 2018-01-23 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_title parameter. | |||||
| CVE-2018-5667 | 1 Read And Understood Project | 1 Read And Understood | 2018-01-23 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_pattern parameter. | |||||
| CVE-2018-5288 | 1 Gd Rating System Project | 1 Gd Rating System | 2018-01-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. | |||||
| CVE-2018-5286 | 1 Gd Rating System Project | 1 Gd Rating System | 2018-01-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page. | |||||
| CVE-2018-5293 | 1 Gd Rating System Project | 1 Gd Rating System | 2018-01-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. | |||||
| CVE-2018-5292 | 1 Gd Rating System Project | 1 Gd Rating System | 2018-01-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page. | |||||
| CVE-2017-9072 | 1 Calendarxp | 2 Flatcalendarxp, Popcalendarxp | 2018-01-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in ipopeng.htm and npopeng.htm. | |||||
| CVE-2018-5214 | 1 Add Link To Facebook Project | 1 Add Link To Facebook | 2018-01-18 | 3.5 LOW | 5.4 MEDIUM |
| The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php. | |||||
| CVE-2017-1000431 | 1 Ez | 1 Ez Publish | 2018-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials. | |||||
| CVE-2017-1000463 | 1 Leafpub | 1 Leafpub | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the edit blog post page, which can result in disruption of service and execution of javascript code. | |||||
| CVE-2017-1000492 | 1 Leanote | 1 Desktop | 2018-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration | |||||
| CVE-2017-1000459 | 1 Leanote | 1 Leanote | 2018-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes | |||||
| CVE-2017-1000457 | 1 Mojoportal | 1 Mojoportal | 2018-01-17 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected cross-site scripting for user accounts assigned either the "Administrators" or "Content Administrators" role. | |||||
| CVE-2017-18015 | 1 Share This Image Project | 1 Share This Image | 2018-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter. | |||||
| CVE-2017-1000443 | 1 Openhacker Project | 1 Openhacker | 2018-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability in the bank transactions component resulting in arbitrary code execution in the browser. | |||||
| CVE-2017-18011 | 1 Clickbank | 1 Affiliate Ads For Clickbank Products | 2018-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 for WordPress has XSS via the text_ads_ajax.php border_color parameter. | |||||
| CVE-2017-18010 | 1 E-goi | 1 Smart Marketing Sms And Newsletters Forms | 2018-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter. | |||||
| CVE-2017-17832 | 1 Serverscheck | 1 Monitoring Software | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page). | |||||
| CVE-2017-1365 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858. | |||||
| CVE-2017-1000462 | 1 Bookstackapp | 1 Bookstack | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code. | |||||
| CVE-2017-1000482 | 1 Plone | 1 Plone | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor clicks the home page link on the author page. | |||||
| CVE-2017-1000495 | 1 Quickappscms | 1 Quickapps Cms | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account | |||||
| CVE-2017-1000467 | 1 Lavalite | 1 Lavalite | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code. | |||||
| CVE-2017-1000478 | 1 Elabftw | 1 Elabftw | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service. | |||||
| CVE-2018-5077 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-17 | 3.5 LOW | 4.8 MEDIUM |
| Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter. | |||||
| CVE-2018-5076 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-17 | 3.5 LOW | 4.8 MEDIUM |
| Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter. | |||||
| CVE-2018-5249 | 1 Shaarli Project | 1 Shaarli | 2018-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php). | |||||
| CVE-2018-5078 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-16 | 3.5 LOW | 4.8 MEDIUM |
| Online Ticket Booking has XSS via the admin/eventlist.php cast parameter. | |||||
| CVE-2017-1000491 | 1 Shiba Project | 1 Shiba | 2018-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration. | |||||
| CVE-2017-1000466 | 1 Invoiceninja | 1 Invoice Ninja | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
| Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of javascript code. | |||||
| CVE-2017-18006 | 1 Extensis | 1 Portfolio Netpublish | 2018-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447. | |||||
| CVE-2018-5074 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-16 | 3.5 LOW | 4.8 MEDIUM |
| Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter. | |||||
| CVE-2018-5072 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-16 | 3.5 LOW | 4.8 MEDIUM |
| Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter. | |||||
| CVE-2017-1673 | 1 Ibm | 1 Security Key Lifecycle Manager | 2018-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133640. | |||||
| CVE-2018-5216 | 1 Radiantcms | 1 Radiant Cms | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
| Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource. | |||||
| CVE-2018-5215 | 1 Fork-cms | 1 Fork Cms | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
| Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter. | |||||
| CVE-2018-5212 | 1 Simple Download Monitor Project | 1 Simple Download Monitor | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
| The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php. | |||||
| CVE-2018-5213 | 1 Simple Download Monitor Project | 1 Simple Download Monitor | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
| The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php. | |||||
| CVE-2017-17971 | 1 Dolibarr | 1 Dolibarr | 2018-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. | |||||
| CVE-2017-17859 | 1 Samsung | 1 Internet Browser | 2018-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML file does not have a document.domain value corresponding to the domain that is hosting the MHTML file, but instead has a document.domain value corresponding to an arbitrary URL within the content of the MHTML file. | |||||
| CVE-2017-1000442 | 1 Passbolt | 1 Passbolt Api | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
| Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace | |||||
| CVE-2018-5075 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-12 | 3.5 LOW | 4.8 MEDIUM |
| Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter. | |||||
| CVE-2017-17089 | 1 Webmin | 1 Webmin | 2018-01-12 | 3.5 LOW | 4.8 MEDIUM |
| custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | |||||
| CVE-2017-12811 | 1 Stivasoft | 1 Phpjabbers Star Rating Script | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. | |||||
| CVE-2017-12810 | 1 Stivasoft | 1 Phpjabbers Newsletter Script | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. | |||||
