Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19845 | 1 Get-simple | 1 Getsimple Cms | 2019-02-25 | 3.5 LOW | 5.4 MEDIUM |
| There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. | |||||
| CVE-2018-19901 | 1 No-cms Project | 1 No-cms | 2019-02-25 | 3.5 LOW | 4.8 MEDIUM |
| No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter. | |||||
| CVE-2018-19902 | 1 No-cms Project | 1 No-cms | 2019-02-25 | 3.5 LOW | 4.8 MEDIUM |
| No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter. | |||||
| CVE-2018-19600 | 1 Rhymix | 1 Rhymix | 2019-02-25 | 3.5 LOW | 4.8 MEDIUM |
| Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload. | |||||
| CVE-2018-17301 | 1 Espocrm | 1 Espocrm | 2019-02-25 | 3.5 LOW | 5.4 MEDIUM |
| Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel. | |||||
| CVE-2019-9142 | 1 B3log | 1 Symphony | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java. | |||||
| CVE-2019-9078 | 1 Zzcms | 1 Zzcms | 2019-02-25 | 3.5 LOW | 5.4 MEDIUM |
| zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT. | |||||
| CVE-2018-18692 | 1 Semcosoft | 1 Semcosoft | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site scripting (XSS) vulnerability in SEMCO Semcosoft 5.3 allows remote attackers to inject arbitrary web scripts or HTML via the username parameter to the Login Form. | |||||
| CVE-2019-9108 | 1 Wuzhicms | 1 Wuzhicms | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php. | |||||
| CVE-2019-9066 | 1 Php Appointment Booking Script Project | 1 Php Appointment Booking Script | 2019-02-25 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile. | |||||
| CVE-2018-20791 | 1 Tecrail | 1 Responsive Filemanager | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action. | |||||
| CVE-2019-9016 | 1 Mopcms | 1 Mopcms | 2019-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[name] parameter in a mod=column request, as demonstrated by the /mopcms/X0AZgf(index).php?mod=column&ac=list&menuid=28&ac=add&menuid=29 URI. | |||||
| CVE-2019-5727 | 1 Splunk | 1 Splunk | 2019-02-22 | 3.5 LOW | 5.4 MEDIUM |
| Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827. | |||||
| CVE-2019-8983 | 1 Altn | 1 Mdaemon | 2019-02-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2). | |||||
| CVE-2019-8984 | 1 Altn | 1 Mdaemon | 2019-02-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2). | |||||
| CVE-2018-12409 | 1 Tibco | 1 Silver Fabric | 2019-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions up to and including 5.8.1. | |||||
| CVE-2016-0926 | 1 Pivotal Software | 1 Cloud Foundry Elastic Runtime | 2019-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework. | |||||
| CVE-2019-1000015 | 1 Chamilo | 1 Chamilo Lms | 2019-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the Administrator with the XSS to steal cookies. A ticket can be created with a XSS payload in the subject field. This attack appears to be exploitable via <svg/onload=alert(1)> as the payload user on the Subject field. This makes it possible to obtain the cookies of all users that have permission to view the tickets. This vulnerability appears to have been fixed in 1.11.x after commit 33e2692a37b5b6340cf5bec1a84e541460983c03. | |||||
| CVE-2019-8435 | 1 Phpmywind | 1 Phpmywind | 2019-02-20 | 3.5 LOW | 4.8 MEDIUM |
| admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. | |||||
| CVE-2019-8400 | 1 Ory | 1 Hydra | 2019-02-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. | |||||