Total: 34649 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12429 | 1 Jeesns | 1 Jeesns | 2018-09-14 | 3.5 LOW | 5.4 MEDIUM |
| JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie. | |||||
| CVE-2018-14082 | 1 Freelancewebdesignerchennai | 1 Job Portal | 2018-09-14 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar. | |||||
| CVE-2018-14513 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2018-09-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI. | |||||
| CVE-2018-14517 | 1 Seacms | 1 Seacms | 2018-09-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields. | |||||
| CVE-2018-14419 | 1 Metinfo | 1 Metinfo | 2018-09-14 | 3.5 LOW | 4.8 MEDIUM |
| MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page. | |||||
| CVE-2018-14392 | 1 Mybb | 1 New Threads | 2018-09-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| The New Threads plugin before 1.2 for MyBB has XSS. | |||||
| CVE-2018-13832 | 1 Techotronic | 1 All In One Favicon | 2018-09-13 | 3.5 LOW | 4.8 MEDIUM |
| Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text. | |||||
| CVE-2017-17541 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2018-09-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows injection of JavaScript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature. | |||||
| CVE-2018-5229 | 1 Atlassian | 1 Universal Plugin Manager | 2018-09-12 | 3.5 LOW | 5.4 MEDIUM |
| The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names. | |||||
| CVE-2018-14388 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2018-09-12 | 3.5 LOW | 5.4 MEDIUM |
| joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter. | |||||
| CVE-2018-14382 | 1 Instantcms | 1 Instantcms | 2018-09-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| InstantCMS 2.10.1 has /redirect?url= XSS. | |||||
| CVE-2018-13865 | 1 Idreamsoft | 1 Icms | 2018-09-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism. | |||||
| CVE-2018-1000611 | 1 Openconext | 1 Openconext Engineblock | 2018-09-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| SURFnet OpenConext EngineBlock versions 5.7.0 to 5.7.3 contain a Cross Site Scripting (XSS) vulnerability that can result in an attacker injecting arbitrary web scripts or HTML into help and login pages. This attack appears to be exploitable via the victim opening a specially crafted URL. | |||||
| CVE-2018-3747 | 1 Public.js Project | 1 Public.js | 2018-09-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The public node module versions <= 1.0.3 allow embedding HTML in file names, which (in certain conditions) might lead to execution of malicious JavaScript. | |||||
| CVE-2018-2431 | 1 Sap | 1 Businessobjects Business Intelligence | 2018-09-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-11350 | 1 Jirafeau | 1 Jirafeau | 2018-09-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Jirafeau before 3.4.1. The file "search by name" form is affected by one Cross-Site Scripting vulnerability via the name parameter. | |||||
| CVE-2018-13252 | 1 Entrustdatacard | 1 Syntera Customization Suite | 2018-09-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page. | |||||
| CVE-2018-13878 | 1 Rocket.chat | 1 Rocket.chat | 2018-09-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. The real name of a username is displayed unescaped when the user is mentioned (using the @ symbol) in a channel or private chat. Consequently, it is possible to exfiltrate the secret token of every user and also admins in the channel. | |||||
| CVE-2018-13879 | 1 Rocket.chat | 1 Rocket.chat | 2018-09-05 | 3.5 LOW | 5.4 MEDIUM |
| A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. When one creates an account, the next step will ask for a username. This field will not save HTML control characters but an error will be displayed that shows the attempted username unescaped via packages/rocketchat-ui-login/client/username/username.js in packages/rocketchat-ui-login/client/username/username.html. | |||||
| CVE-2018-2435 | 1 Sap | 1 Netweaver Enterprise Portal | 2018-09-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
