Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5214 | 1 Add Link To Facebook Project | 1 Add Link To Facebook | 2018-01-18 | 3.5 LOW | 5.4 MEDIUM |
| The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php. | |||||
| CVE-2012-1262 | 1 Movabletype | 4 Movable Type Advanced, Movable Type Enterprise, Movable Type Open Source and 1 more | 2018-01-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318. | |||||
| CVE-2012-0318 | 1 Movabletype | 4 Movable Type Advanced, Movable Type Enterprise, Movable Type Open Source and 1 more | 2018-01-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors involving templates, a different issue than CVE-2012-1262. | |||||
| CVE-2012-1190 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-01-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name. | |||||
| CVE-2011-5084 | 1 Sixapart | 1 Movable Type | 2018-01-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.36 and 5.x before 5.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-1000431 | 1 Ez | 1 Ez Publish | 2018-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials. | |||||
| CVE-2017-1000463 | 1 Leafpub | 1 Leafpub | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the edit blog post page, which can result in disruption of service and execution of javascript code. | |||||
| CVE-2017-1000492 | 1 Leanote | 1 Desktop | 2018-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration | |||||
| CVE-2017-1000459 | 1 Leanote | 1 Leanote | 2018-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes | |||||
| CVE-2017-1000457 | 1 Mojoportal | 1 Mojoportal | 2018-01-17 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected cross-site scripting for user accounts assigned either the "Administrators" or "Content Administrators" role. | |||||
| CVE-2017-1000443 | 1 Openhacker Project | 1 Openhacker | 2018-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability in the bank transactions component resulting in arbitrary code execution in the browser. | |||||
| CVE-2017-18011 | 1 Clickbank | 1 Affiliate Ads For Clickbank Products | 2018-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 for WordPress has XSS via the text_ads_ajax.php border_color parameter. | |||||
| CVE-2017-18010 | 1 E-goi | 1 Smart Marketing Sms And Newsletters Forms | 2018-01-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter. | |||||
| CVE-2017-17832 | 1 Serverscheck | 1 Monitoring Software | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page). | |||||
| CVE-2017-1365 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858. | |||||
| CVE-2017-1000462 | 1 Bookstackapp | 1 Bookstack | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code. | |||||
| CVE-2017-1000482 | 1 Plone | 1 Plone | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page. | |||||
| CVE-2017-1000467 | 1 Lavalite | 1 Lavalite | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code. | |||||
| CVE-2017-1000495 | 1 Quickappscms | 1 Quickapps Cms | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account | |||||
| CVE-2017-1000478 | 1 Elabftw | 1 Elabftw | 2018-01-17 | 3.5 LOW | 5.4 MEDIUM |
| ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service. | |||||