Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-9122 | 1 Crea8social | 1 Crea8social | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the term parameter to the /search URI. | |||||
| CVE-2018-9120 | 1 Crea8social | 1 Crea8social | 2018-04-18 | 3.5 LOW | 5.4 MEDIUM |
| In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post. | |||||
| CVE-2018-7193 | 1 Osticket | 1 Osticket | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter. | |||||
| CVE-2018-7196 | 1 Osticket | 1 Osticket | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. | |||||
| CVE-2018-7192 | 1 Osticket | 1 Osticket | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. | |||||
| CVE-2018-9925 | 1 Icmsdev | 1 Icms | 2018-04-17 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request. | |||||
| CVE-2018-8832 | 1 Enhavo | 1 Enhavo | 2018-04-17 | 3.5 LOW | 4.8 MEDIUM |
| enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page. | |||||
| CVE-2018-5233 | 1 Getgrav | 1 Grav Cms | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools. | |||||
| CVE-2018-0534 | 1 Arsenol Project | 1 Arsenol | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0538 | 1 Qqq Systems Project | 1 Qqq Systems | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-10033 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-04-13 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter. | |||||
| CVE-2018-10029 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-04-13 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799. | |||||
| CVE-2018-10032 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-04-13 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter. | |||||
| CVE-2018-8737 | 1 Bylancer | 1 Bookme | 2018-04-13 | 3.5 LOW | 5.4 MEDIUM |
| Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers "Book Me" function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's browser. | |||||
| CVE-2018-8948 | 1 Misp-project | 1 Misp | 2018-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module. | |||||
| CVE-2018-0535 | 1 Php 2chbbs Project | 1 Php 2chbbs | 2018-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-8805 | 1 Yxcms | 1 Yxcms | 2018-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extend_guestbook.php or protected\apps\default\view\mobile\extend_guestbook.php in an index.php?r=default/column/index&col=guestbook request. | |||||
| CVE-2018-8815 | 1 Alkacon | 1 Opencms | 2018-04-13 | 3.5 LOW | 4.6 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image. | |||||
| CVE-2014-1665 | 1 Owncloud | 1 Owncloud | 2018-04-13 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file. | |||||
| CVE-2018-8767 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2018-04-13 | 3.5 LOW | 4.8 MEDIUM |
| joyplus-cms 1.6.0 has XSS in manager/admin_ajax.php?action=save&tab={pre}vod_type via the t_name parameter. | |||||