Total: 34649 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17113 | 1 Easycms | 1 Easycms | 2018-11-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173. | |||||
| CVE-2018-16316 | 1 Portainer | 1 Portainer | 2018-11-09 | 3.5 LOW | 5.4 MEDIUM |
| A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field. | |||||
| CVE-2018-17077 | 1 Yiqicms Project | 1 Yiqicms | 2018-11-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed. | |||||
| CVE-2018-10763 | 1 Synametrics | 1 Synaman | 2018-11-09 | 3.5 LOW | 4.8 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page. | |||||
| CVE-2018-17051 | 1 Knet | 1 Cisco Configuration Manager | 2018-11-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| K-Net Cisco Configuration Manager through 2014-11-19 has XSS via devices.php. | |||||
| CVE-2018-17044 | 1 Yzmcms | 1 Yzmcms | 2018-11-09 | 3.5 LOW | 4.8 MEDIUM |
| In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter. | |||||
| CVE-2018-17049 | 1 Cqu Lankers Project | 1 Cqu Lankers | 2018-11-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback parameter in an uploadpic action. | |||||
| CVE-2018-8470 | 1 Microsoft | 5 Internet Explorer, Windows 10, Windows 7 and 2 more | 2018-11-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A security feature bypass vulnerability exists in Internet Explorer due to how scripts are handled that allows a universal cross-site scripting (UXSS) condition, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11. | |||||
| CVE-2018-16729 | 1 Pluck-cms | 1 Pluck | 2018-11-09 | 3.5 LOW | 5.4 MEDIUM |
| Pluck 4.7.7 allows XSS via an SVG file that contains JavaScript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files. | |||||
| CVE-2018-16805 | 1 B3log | 1 Solo | 2018-11-09 | 3.5 LOW | 4.8 MEDIUM |
| In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator. | |||||
| CVE-2018-16775 | 1 Victor Cms Project | 1 Victor Cms | 2018-11-09 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the "Categories" menu. | |||||
| CVE-2018-16655 | 1 Gxlcms | 1 Gxlcms | 2018-11-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php. | |||||
| CVE-2018-14689 | 1 Subsonic | 1 Subsonic | 2018-11-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the name[x], sourceformats[x], targetFormat[x], step1[x], and step2[x] parameters (where x is an integer) to transcodingSettings.view that could be used to steal session information of a victim. | |||||
| CVE-2018-14688 | 1 Subsonic | 1 Subsonic | 2018-11-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the name[x], streamUrl[x], homepageUrl[x] parameters (where x is an integer) to internetRadioSettings.view that could be used to steal session information of a victim. | |||||
| CVE-2018-14691 | 1 Subsonic | 1 Subsonic | 2018-11-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Subsonic 6.1.1. The music tags feature is affected by three stored cross-site scripting vulnerabilities in the c0-param2, c0-param3, and c0-param4 parameters to dwr/call/plaincall/tagService.setTags.dwr that could be used to steal session information of a victim. | |||||
| CVE-2018-14690 | 1 Subsonic | 1 Subsonic | 2018-11-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim. | |||||
| CVE-2018-14899 | 1 Epson | 2 Wf-2750, Wf-2750 Firmware | 2018-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites. | |||||
| CVE-2018-15563 | 1 Intelliants | 1 Subrion | 2018-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| _core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter. | |||||
| CVE-2018-14840 | 1 Intelliants | 1 Subrion | 2018-11-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads). | |||||
| CVE-2014-9120 | 1 Intelliants | 1 Subrion | 2018-11-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to subrion/search/. | |||||
