Total: 42233 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-18868 | 1 No-cms Project | 1 No-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter. |
| CVE-2018-18864 | 1 Loadbalancer | 1 Enterprise Va Max | 2024-11-21 | 9.3 HIGH | 9.6 CRITICAL | Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed. |
| CVE-2018-18845 | 1 Advanced Comment System Project | 1 Advanced Comment System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advanced Comment System, version 1.0, contain a reflected cross-site scripting vulnerability via ACS_path. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The product is discontinued. |
| CVE-2018-18841 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter. |
| CVE-2018-18840 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter. |
| CVE-2018-18825 | 1 Pagoda Linux Project | 1 Pagoda Linux | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login. A crafted code is mishandled during rendering of the login log. |
| CVE-2018-18824 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | WolfCMS v0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_manager/browse/. |
| CVE-2018-18823 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | WolfCMS 0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_manager/browse/. |
| CVE-2018-18816 | 1 Tibco | 3 Jasperreports Server, Jaspersoft, Jaspersoft Reporting And Analytics | 2024-11-21 | 3.5 LOW | 8.0 HIGH | The repository component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS contains a persistent cross site scripting vulnerability. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Commu ... |
| CVE-2018-18813 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH | The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0. |
| CVE-2018-18807 | 1 Tibco | 1 Statistica Server | 2024-11-21 | 3.5 LOW | 7.6 HIGH | The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Statistica Server versions up to and including 13.4.0. |
| CVE-2018-18783 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter. |
| CVE-2018-18782 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter. |
| CVE-2018-18781 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter. |
| CVE-2018-18776 | 1 Microstrategy | 1 Microstrategy Web | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product. |
| CVE-2018-18775 | 1 Microstrategy | 1 Microstrategy Web | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product. |
| CVE-2018-18774 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter. |
| CVE-2018-18745 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Menu.php?lgid=1 during editing. |
| CVE-2018-18744 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An XSS issue was discovered in SEMCMS 3.4 via the fifth text box to the admin/SEMCMS_Main.php URI. |
| CVE-2018-18743 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An XSS issue was discovered in SEMCMS 3.4 via the second text field to the admin/SEMCMS_Categories.php?pid=1&lgid=1 URI. |
| CVE-2018-18741 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Download.php?lgid=1 during editing. |
| CVE-2018-18740 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMS_Link.php?lgid=1 URI. |
| CVE-2018-18739 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Products.php?lgid=1 Keywords field. |
| CVE-2018-18738 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Categories.php?pid=1&lgid=1 category_key parameter. |
| CVE-2018-18736 | 1 Catfish-cms | 1 Catfish Blog | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An XSS issue was discovered in catfish blog 2.0.33, related to "write source code." |
| CVE-2018-18733 | 1 Catfish-cms | 1 Catfish Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue to CVE-2018-13999. |
| CVE-2018-18726 | 1 Yunucms | 1 Yunucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5. |
| CVE-2018-18725 | 1 Yunucms | 1 Yunucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5. |
| CVE-2018-18724 | 1 Yunucms | 1 Yunucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5. |
| CVE-2018-18723 | 1 Yunucms | 1 Yunucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5. |
| CVE-2018-18722 | 1 Yunucms | 1 Yunucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An XSS issue was discovered in admin/content/editcontent?id=29&gopage=1 in YUNUCMS 1.1.5. |
| CVE-2018-18721 | 1 Yunucms | 1 Yunucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5. |
| CVE-2018-18720 | 1 Yunucms | 1 Yunucms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5. |
| CVE-2018-18717 | 1 Eleanor-cms | 1 Eleanor Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An issue was discovered in Eleanor CMS through 2015-03-19. XSS exists via the ajax.php?direct=admin&file=autocomplete&query=[XSS] URI. |
| CVE-2018-18716 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability. |
| CVE-2018-18715 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. |
| CVE-2018-18694 | 1 Monstra | 1 Monstra | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases. |
| CVE-2018-18692 | 1 Semcosoft | 1 Semcosoft | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A reflected Cross-Site scripting (XSS) vulnerability in SEMCO Semcosoft 5.3 allows remote attackers to inject arbitrary web scripts or HTML via the username parameter to the Login Form. |
| CVE-2018-18678 | 1 Sir | 1 Gnuboard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroup_form_update.php gr_1~10 parameter. |
| CVE-2018-18676 | 1 Sir | 1 Gnuboard | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board tail contents" parameter, aka the adm/board_form_update.php bo_mobile_content_tail parameter. |