Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12810 | 1 Stivasoft | 1 Phpjabbers Newsletter Script | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. | |||||
| CVE-2017-12811 | 1 Stivasoft | 1 Phpjabbers Star Rating Script | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. | |||||
| CVE-2017-12813 | 1 Stivasoft | 1 Phpjabbers File Sharing Script | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. | |||||
| CVE-2017-12812 | 1 Stivasoft | 1 Phpjabbers Night Club Booking Software | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab. | |||||
| CVE-2017-18012 | 1 Z-url Preview Project | 1 Z-url Preview | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter. | |||||
| CVE-2017-18004 | 1 Zurmo | 1 Zurmo Crm | 2018-01-11 | 3.5 LOW | 5.4 MEDIUM |
| Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint. | |||||
| CVE-2015-7324 | 1 Stackideas | 1 Komento | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment. | |||||
| CVE-2017-17911 | 1 Archon | 1 Archon | 2018-01-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503. | |||||
| CVE-2012-1779 | 1 Idevspot | 1 Idev-businessdirectory | 2018-01-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IDevSpot idev-BusinessDirectory 3.0 allows remote attackers to inject arbitrary web script or HTML via the SEARCH parameter to index.php. | |||||
| CVE-2012-1787 | 1 Webglimpse | 1 Webglimpse | 2018-01-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in Webglimpse 2.20.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) FILE, or (3) DOMAIN parameters. | |||||
| CVE-2012-1039 | 1 Dotclear | 1 Dotclear | 2018-01-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php. | |||||
| CVE-2012-1788 | 1 Wonderdesk | 1 Wonderdesk Sql | 2018-01-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wonderdesk.cgi in WonderDesk SQL 4.14 allow remote attackers to inject arbitrary web script or HTML via the (1) cus_email parameter in a cust_lostpw action; or (2) help_name, (3) help_email, (4) help_website, or (5) help_example_url parameters in an hd_modify_record action. | |||||
| CVE-2012-1209 | 1 Fork-cms | 1 Fork Cms | 2018-01-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. | |||||
| CVE-2017-17869 | 1 Mgl-instagram-gallery Project | 1 Mgl-instagram-gallery | 2018-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter. | |||||
| CVE-2017-17909 | 1 Responsive Realestate Script Project | 1 Responsive Realestate Script | 2018-01-10 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter. | |||||
| CVE-2017-16768 | 1 Synology | 1 Mailplus Server | 2018-01-10 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. | |||||
| CVE-2017-17937 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2018-01-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. | |||||
| CVE-2017-17929 | 1 Ordermanagementscript | 1 Professional Service Script | 2018-01-10 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter. | |||||
| CVE-2017-17925 | 1 Ordermanagementscript | 1 Professional Service Script | 2018-01-10 | 3.5 LOW | 4.8 MEDIUM |
| PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter. | |||||
| CVE-2012-0195 | 1 Ibm | 6 Maximo Asset Management, Maximo Asset Management Essentials, Maximo Service Desk and 3 more | 2018-01-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name. | |||||