Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16381 | 1 E107 | 1 E107 | 2018-10-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. | |||||
| CVE-2018-16780 | 1 Complete Responsive Cms Blog Project | 1 Complete Responsive Cms Blog | 2018-10-29 | 3.5 LOW | 5.4 MEDIUM |
| Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment. | |||||
| CVE-2018-16725 | 1 Baijiacms Project | 1 Baijiacms | 2018-10-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component." | |||||
| CVE-2007-5796 | 1 Symantec | 2 Proxysg, Proxysg Firmware | 2018-10-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists. | |||||
| CVE-2007-5596 | 1 Drupal | 1 Drupal | 2018-10-26 | 4.3 MEDIUM | N/A |
| The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files. | |||||
| CVE-2007-3503 | 1 Oracle | 1 Jdk | 2018-10-26 | 4.3 MEDIUM | N/A |
| The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-15605 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature. | |||||
| CVE-2018-16330 | 1 Ipandao | 1 Editor.md | 2018-10-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element. | |||||
| CVE-2018-16348 | 1 Seacms | 1 Seacms | 2018-10-25 | 3.5 LOW | 4.8 MEDIUM |
| SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name. | |||||
| CVE-2018-16347 | 1 Gleezcms | 1 Gleez Cms | 2018-10-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize. | |||||
| CVE-2018-16342 | 1 Showdoc | 1 Showdoc | 2018-10-25 | 3.5 LOW | 5.4 MEDIUM |
| ShowDoc v1.8.0 has XSS via a new page. | |||||
| CVE-2018-16361 | 1 Btiteam | 1 Xbtit | 2018-10-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter. | |||||
| CVE-2018-16372 | 1 Ideacms | 1 Ideacms | 2018-10-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued. | |||||
| CVE-2018-16450 | 1 Craftedweb Project | 1 Craftedweb | 2018-10-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| CraftedWeb through 2013-09-24 has reflected XSS via the p parameter. | |||||
| CVE-2018-0672 | 1 Sixapart | 1 Movable Type | 2018-10-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Movable Type versions prior to Ver. 6.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-16358 | 1 Dotclear | 1 Dotclear | 2018-10-24 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml. | |||||
| CVE-2018-16371 | 1 Pescms | 1 Pescms Team | 2018-10-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and g=Team&m=Bulletin&a=index&keyword=. | |||||
| CVE-2018-16374 | 1 Frog Cms Project | 1 Frog Cms | 2018-10-24 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. | |||||
| CVE-2018-16349 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2018-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. | |||||
| CVE-2018-16350 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2018-10-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. | |||||