Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20791 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action.
|
|||||
| CVE-2018-20778 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element.
|
|||||
| CVE-2018-20777 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field.
|
|||||
| CVE-2018-20774 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field.
|
|||||
| CVE-2018-20758 | 1 Modx | 1 Modx Revolution | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.
|
|||||
| CVE-2018-20757 | 1 Modx | 1 Modx Revolution | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.
|
|||||
| CVE-2018-20756 | 1 Modx | 1 Modx Revolution | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.
|
|||||
| CVE-2018-20755 | 1 Modx | 1 Modx Revolution | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.
|
|||||
| CVE-2018-20737 | 1 Wso2 | 3 Api Manager, Identity Server, Identity Server As Key Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product.
|
|||||
| CVE-2018-20736 | 1 Wso2 | 1 Api Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product.
|
|||||
| CVE-2018-20731 | 1 Nedi | 1 Nedi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php.
|
|||||
| CVE-2018-20729 | 1 Nedi | 1 Nedi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php.
|
|||||
| CVE-2018-20726 | 1 Cacti | 1 Cacti | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
|
|||||
| CVE-2018-20725 | 1 Cacti | 1 Cacti | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
|
|||||
| CVE-2018-20724 | 1 Cacti | 1 Cacti | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
|
|||||
| CVE-2018-20723 | 1 Cacti | 1 Cacti | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
|
|||||
| CVE-2018-20703 | 1 Cubecart | 1 Cubecart | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string.
|
|||||
| CVE-2018-20682 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section).
|
|||||
| CVE-2018-20680 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field.
|
|||||
| CVE-2018-20677 | 1 Getbootstrap | 1 Bootstrap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
|
|||||
| CVE-2018-20676 | 1 Getbootstrap | 1 Bootstrap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
|
|||||
| CVE-2018-20663 | 1 Haulmont | 2 Cuba Platform, Reporting | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports > Reports" name field.
|
|||||
| CVE-2018-20645 | 1 Basic B2b Script Project | 1 Basic B2b Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field.
|
|||||
| CVE-2018-20640 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field.
|
|||||
| CVE-2018-20639 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar.
|
|||||
| CVE-2018-20636 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field.
|
|||||
| CVE-2018-20632 | 1 Advance B2b Script Project | 1 Advance B2b Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field.
|
|||||
| CVE-2018-20627 | 1 Consumer Reviews Script Project | 1 Consumer Reviews Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box.
|
|||||
| CVE-2018-20611 | 1 Txjia | 1 Imcat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI.
|
|||||
| CVE-2018-20601 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action.
|
|||||
| CVE-2018-20600 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action.
|
|||||
| CVE-2018-20597 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.
|
|||||
| CVE-2018-20594 | 1 Hsweb | 1 Hsweb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java.
|
|||||
| CVE-2018-20590 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID.
|
|||||
| CVE-2018-20589 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID.
|
|||||
| CVE-2018-20583 | 1 Thephpleague | 1 Commonmark | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allow_unsafe_links is false) via a newline character (e.g., writing javascript as javascri%0apt).
|
|||||
| CVE-2018-20565 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter.
|
|||||
| CVE-2018-20564 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter.
|
|||||
| CVE-2018-20563 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter.
|
|||||
| CVE-2018-20562 | 1 Douco | 1 Douphp | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter.
|
|||||