Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18010 | 1 E-goi | 1 Smart Marketing Sms And Newsletters Forms | 2018-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter. | |||||
| CVE-2017-17832 | 1 Serverscheck | 1 Monitoring Software | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page). | |||||
| CVE-2017-1365 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858. | |||||
| CVE-2017-1000462 | 1 Bookstackapp | 1 Bookstack | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code. | |||||
| CVE-2017-1000482 | 1 Plone | 1 Plone | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page. | |||||
| CVE-2017-1000495 | 1 Quickappscms | 1 Quickapps Cms | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account | |||||
| CVE-2017-1000467 | 1 Lavalite | 1 Lavalite | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code. | |||||
| CVE-2017-1000478 | 1 Elabftw | 1 Elabftw | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service. | |||||
| CVE-2018-5076 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-17 | 3.5 LOW | 4.8 MEDIUM |
| Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter. | |||||
| CVE-2018-5077 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-17 | 3.5 LOW | 4.8 MEDIUM |
| Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter. | |||||
| CVE-2018-5249 | 1 Shaarli Project | 1 Shaarli | 2018-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php). | |||||
| CVE-2018-5078 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-16 | 3.5 LOW | 4.8 MEDIUM |
| Online Ticket Booking has XSS via the admin/eventlist.php cast parameter. | |||||
| CVE-2017-1000491 | 1 Shiba Project | 1 Shiba | 2018-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration. | |||||
| CVE-2017-1000466 | 1 Invoiceninja | 1 Invoice Ninja | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
| Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of javascript code. | |||||
| CVE-2017-18006 | 1 Extensis | 1 Portfolio Netpublish | 2018-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447. | |||||
| CVE-2018-5072 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-16 | 3.5 LOW | 4.8 MEDIUM |
| Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter. | |||||
| CVE-2018-5074 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-16 | 3.5 LOW | 4.8 MEDIUM |
| Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter. | |||||
| CVE-2017-1673 | 1 Ibm | 1 Security Key Lifecycle Manager | 2018-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133640. | |||||
| CVE-2018-5216 | 1 Radiantcms | 1 Radiant Cms | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
| Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource. | |||||
| CVE-2018-5215 | 1 Fork-cms | 1 Fork Cms | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
| Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter. | |||||
| CVE-2018-5213 | 1 Simple Download Monitor Project | 1 Simple Download Monitor | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
| The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php. | |||||
| CVE-2018-5212 | 1 Simple Download Monitor Project | 1 Simple Download Monitor | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
| The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php. | |||||
| CVE-2017-17971 | 1 Dolibarr | 1 Dolibarr | 2018-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. | |||||
| CVE-2017-17859 | 1 Samsung | 1 Internet Browser | 2018-01-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML file does not have a document.domain value corresponding to the domain that is hosting the MHTML file, but instead has a document.domain value corresponding to an arbitrary URL within the content of the MHTML file. | |||||
| CVE-2017-1000442 | 1 Passbolt | 1 Passbolt Api | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
| Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace | |||||
| CVE-2010-0754 | 1 Wikyblog | 1 Wikyblog | 2018-01-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates in WikyBlog 1.7.2 and 1.7.3 rc2 allows remote attackers to inject arbitrary web script or HTML via the which parameter in a copy action. | |||||
| CVE-2018-5075 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2018-01-12 | 3.5 LOW | 4.8 MEDIUM |
| Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter. | |||||
| CVE-2017-17089 | 1 Webmin | 1 Webmin | 2018-01-12 | 3.5 LOW | 4.8 MEDIUM |
| custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | |||||
| CVE-2012-1469 | 1 Pkp | 1 Open Journal Systems | 2018-01-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php. | |||||
| CVE-2017-12811 | 1 Stivasoft | 1 Phpjabbers Star Rating Script | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. | |||||
| CVE-2017-12810 | 1 Stivasoft | 1 Phpjabbers Newsletter Script | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. | |||||
| CVE-2017-12812 | 1 Stivasoft | 1 Phpjabbers Night Club Booking Software | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab. | |||||
| CVE-2017-12813 | 1 Stivasoft | 1 Phpjabbers File Sharing Script | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. | |||||
| CVE-2017-18012 | 1 Z-url Preview Project | 1 Z-url Preview | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter. | |||||
| CVE-2017-18004 | 1 Zurmo | 1 Zurmo Crm | 2018-01-11 | 3.5 LOW | 5.4 MEDIUM |
| Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint. | |||||
| CVE-2015-7324 | 1 Stackideas | 1 Komento | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment. | |||||
| CVE-2017-17911 | 1 Archon | 1 Archon | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503. | |||||
| CVE-2012-1787 | 1 Webglimpse | 1 Webglimpse | 2018-01-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in Webglimpse 2.20.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) FILE, or (3) DOMAIN parameters. | |||||
| CVE-2012-1779 | 1 Idevspot | 1 Idev-businessdirectory | 2018-01-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IDevSpot idev-BusinessDirectory 3.0 allows remote attackers to inject arbitrary web script or HTML via the SEARCH parameter to index.php. | |||||
| CVE-2012-1039 | 1 Dotclear | 1 Dotclear | 2018-01-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php. | |||||
| CVE-2012-1788 | 1 Wonderdesk | 1 Wonderdesk Sql | 2018-01-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wonderdesk.cgi in WonderDesk SQL 4.14 allow remote attackers to inject arbitrary web script or HTML via the (1) cus_email parameter in a cust_lostpw action; or (2) help_name, (3) help_email, (4) help_website, or (5) help_example_url parameters in an hd_modify_record action. | |||||
| CVE-2012-1209 | 1 Fork-cms | 1 Fork Cms | 2018-01-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. | |||||
| CVE-2017-17869 | 1 Mgl-instagram-gallery Project | 1 Mgl-instagram-gallery | 2018-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter. | |||||
| CVE-2017-17909 | 1 Responsive Realestate Script Project | 1 Responsive Realestate Script | 2018-01-10 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter. | |||||
| CVE-2017-16876 | 2 Fedoraproject, Mistune Project | 2 Fedora, Mistune | 2018-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument. | |||||
| CVE-2017-16768 | 1 Synology | 1 Mailplus Server | 2018-01-10 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. | |||||
| CVE-2017-17937 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2018-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. | |||||
| CVE-2017-17929 | 1 Ordermanagementscript | 1 Professional Service Script | 2018-01-10 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter. | |||||
| CVE-2017-17925 | 1 Ordermanagementscript | 1 Professional Service Script | 2018-01-10 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter. | |||||
| CVE-2012-1842 | 2 Dell, Quantum | 7 Powervault Ml6000, Powervault Ml6000 Firmware, Powervault Ml6010 and 4 more | 2018-01-10 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||