Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19227 | 1 Laobancms | 1 Laobancms | 2018-12-11 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter. | |||||
| CVE-2018-19223 | 1 Laobancms | 1 Laobancms | 2018-12-11 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI. | |||||
| CVE-2018-19229 | 1 Laobancms | 1 Laobancms | 2018-12-11 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter. | |||||
| CVE-2018-18927 | 1 Publiccms | 1 Publiccms | 2018-12-11 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. | |||||
| CVE-2018-19145 | 1 S-cms | 1 S-cms | 2018-12-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter. | |||||
| CVE-2018-19083 | 1 Wecenter | 1 Wecenter | 2018-12-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialchars_decode function via the /?/publish/ajax/publish_question/ question_content parameter. | |||||
| CVE-2018-19091 | 1 Tianti Project | 1 Tianti | 2018-12-11 | 3.5 LOW | 5.4 MEDIUM |
| tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter. | |||||
| CVE-2018-19090 | 1 Tianti Project | 1 Tianti | 2018-12-11 | 3.5 LOW | 5.4 MEDIUM |
| tianti 2.3 has stored XSS in the article management module via an article title. | |||||
| CVE-2018-19089 | 1 Tianti Project | 1 Tianti | 2018-12-11 | 3.5 LOW | 5.4 MEDIUM |
| tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp. | |||||
| CVE-2018-18909 | 1 Xheditor | 1 Xheditor | 2018-12-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view. | |||||
| CVE-2018-18825 | 1 Pagoda Linux Project | 1 Pagoda Linux | 2018-12-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login. A crafted code is mishandled during rendering of the login log. | |||||
| CVE-2018-18919 | 1 Iiong | 1 Wp Editor.md | 2018-12-11 | 3.5 LOW | 4.8 MEDIUM |
| The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area. | |||||
| CVE-2018-7427 | 1 Splunk | 1 Splunk | 2018-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-18717 | 1 Eleanor-cms | 1 Eleanor Cms | 2018-12-10 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in Eleanor CMS through 2015-03-19. XSS exists via the ajax.php?direct=admin&file=autocomplete&query=[XSS] URI. | |||||
| CVE-2018-18868 | 1 No-cms Project | 1 No-cms | 2018-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter. | |||||
| CVE-2018-18943 | 1 Basercms | 1 Basercms | 2018-12-10 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI. | |||||
| CVE-2016-2387 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or (2) interface parameter to ProxyServer/register, aka SAP Security Note 2220571. | |||||
| CVE-2017-11460 | 1 Sap | 1 Netweaver Portal | 2018-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shp_result.jsp, aka SAP Security Note 2308535. | |||||
| CVE-2011-5260 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2013-6816 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||