Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18175 | 1 Progress | 1 Sitefinity | 2018-03-05 | 3.5 LOW | 5.4 MEDIUM |
| Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1. | |||||
| CVE-2017-18177 | 1 Progress | 1 Sitefinity | 2018-03-05 | 3.5 LOW | 5.4 MEDIUM |
| Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1. | |||||
| CVE-2017-18176 | 1 Progress | 1 Sitefinity | 2018-03-05 | 3.5 LOW | 5.4 MEDIUM |
| Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1. | |||||
| CVE-2016-8522 | 1 Hp | 1 Diagnostics | 2018-03-05 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found. | |||||
| CVE-2018-1000062 | 1 Wondercms | 1 Wondercms | 2018-03-05 | 3.5 LOW | 4.4 MEDIUM |
| WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in An attacker can execute arbitrary script on an unsuspecting user's browser. This attack appear to be exploitable via Crafted SVG File. | |||||
| CVE-2016-8517 | 1 Hp | 1 Systems Insight Manager | 2018-03-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross site scripting vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. | |||||
| CVE-2018-7197 | 1 Pluck-cms | 1 Pluck | 2018-03-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL. | |||||
| CVE-2018-7280 | 1 Ninjaforms | 1 Ninja Forms | 2018-03-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ninja Forms plugin before 3.2.14 for WordPress has XSS. | |||||
| CVE-2017-16356 | 1 Kubik-rubik | 1 Simple Image Gallery Extended | 2018-03-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption parameter. | |||||
| CVE-2018-6193 | 1 Routers2 Project | 1 Routers2 | 2018-03-03 | 2.6 LOW | 4.7 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl. | |||||
| CVE-2017-12544 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2018-03-02 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | |||||
| CVE-2018-6866 | 1 Learning And Examination Management System Script Project | 1 Learning And Examination Management System Script | 2018-03-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message. | |||||
| CVE-2018-6868 | 1 Groupon Clone Script Project | 1 Groupon Clone Script | 2018-03-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter. | |||||
| CVE-2016-8532 | 1 Hp | 1 Matrix Operating Environment | 2018-03-01 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting vulnerability in HPE Matrix Operating Environment version 7.6 was found. | |||||
| CVE-2018-1000020 | 1 Open-emr | 1 Openemr | 2018-03-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) vulnerability in open-flash-chart.swf and _posteddata.php that can result in . This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher. | |||||
| CVE-2018-6795 | 1 Naukri Clone Script Project | 1 Naukri Clone Script | 2018-03-01 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field. | |||||
| CVE-2018-6878 | 1 Hot Scripts Clone Project | 1 Hot Scripts Clone | 2018-03-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field. | |||||
| CVE-2018-6468 | 1 Flickrrss Project | 1 Flickrrss | 2018-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_id parameter to wp-admin/options-general.php. | |||||
| CVE-2018-6466 | 1 Flickrrss Project | 1 Flickrrss | 2018-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_set parameter to wp-admin/options-general.php. | |||||
| CVE-2018-6469 | 1 Flickrrss Project | 1 Flickrrss | 2018-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter to wp-admin/options-general.php. | |||||