Vulnerabilities (CVE)

Filtered by CWE-79
Total 42233 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-16780 1 Complete Responsive Cms Blog Project 1 Complete Responsive Cms Blog 2024-11-21 3.5 LOW 5.4 MEDIUM
Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment.
CVE-2018-16779 1 Blogcms Project 1 Blogcms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
BlogCMS through 2016-10-25 has XSS via a comment.
CVE-2018-16778 1 Jenzabar 1 Jenzabar 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field).
CVE-2018-16776 1 Creatiwity 1 Witycms 2024-11-21 3.5 LOW 4.8 MEDIUM
wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" "Configuration" page.
CVE-2018-16775 1 Victor Cms Project 1 Victor Cms 2024-11-21 3.5 LOW 4.8 MEDIUM
An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the "Categories" menu.
CVE-2018-16773 1 Easycms 1 Easycms 2024-11-21 3.5 LOW 4.8 MEDIUM
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field.
CVE-2018-16772 1 Hoosk 1 Hoosk 2024-11-21 3.5 LOW 4.8 MEDIUM
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.
CVE-2018-16759 1 Easycms 1 Easycms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event.
CVE-2018-16736 1 Rcfilters Project 1 Rcfilters 2024-11-21 3.5 LOW 5.4 MEDIUM
In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings).
CVE-2018-16730 1 Chshcms 1 Cscms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.
CVE-2018-16729 1 Pluck-cms 1 Pluck 2024-11-21 3.5 LOW 5.4 MEDIUM
Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files.
CVE-2018-16728 1 Feindura 1 Feindura 2024-11-21 3.5 LOW 5.4 MEDIUM
feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new.
CVE-2018-16727 1 Razorcms 1 Razorcms 2024-11-21 3.5 LOW 5.4 MEDIUM
razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component.
CVE-2018-16726 1 Razorcms 1 Razorcms 2024-11-21 3.5 LOW 5.4 MEDIUM
razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component.
CVE-2018-16725 1 Baijiacms Project 1 Baijiacms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component."
CVE-2018-16718 1 Nih 1 Ncbi Toolbox 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument.
CVE-2018-16655 1 Gxlcms 1 Gxlcms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php.
CVE-2018-16654 1 Zurmo 1 Zurmo Crm 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1.
CVE-2018-16653 1 Rejucms Project 1 Rejucms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter.
CVE-2018-16639 1 Typesettercms 1 Typesetter 2024-11-21 3.5 LOW 5.4 MEDIUM
Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation.
CVE-2018-16638 1 Modx 1 Evolution Cms 2024-11-21 3.5 LOW 5.4 MEDIUM
Evolution CMS 1.4.x allows XSS via the manager/ search parameter.
CVE-2018-16637 1 Modx 1 Evolution Cms 2024-11-21 3.5 LOW 5.4 MEDIUM
Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI.
CVE-2018-16636 1 Nucleuscms 1 Nucleus Cms 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter.
CVE-2018-16635 1 Blackcat-cms 1 Blackcat Cms 2024-11-21 3.5 LOW 5.4 MEDIUM
Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.
CVE-2018-16633 1 Pluck-cms 1 Pluck 2024-11-21 3.5 LOW 5.4 MEDIUM
Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title.
CVE-2018-16632 1 Jupo 1 Mezzanine 2024-11-21 3.5 LOW 4.8 MEDIUM
Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/.
CVE-2018-16631 1 Intelliants 1 Subrion Cms 2024-11-21 3.5 LOW 5.4 MEDIUM
Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter.
CVE-2018-16630 1 Getkirby 1 Kirby 2024-11-21 3.5 LOW 4.8 MEDIUM
Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file.
CVE-2018-16629 1 Intelliants 1 Subrion Cms 2024-11-21 3.5 LOW 4.8 MEDIUM
panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
CVE-2018-16628 1 Getkirby 1 Kirby 2024-11-21 3.5 LOW 5.4 MEDIUM
panel/login in Kirby v2.5.12 allows XSS via a blog name.
CVE-2018-16626 1 Typesettercms 1 Typesetter 2024-11-21 3.5 LOW 4.8 MEDIUM
index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name.
CVE-2018-16625 1 Typesettercms 1 Typesetter 2024-11-21 3.5 LOW 4.8 MEDIUM
index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
CVE-2018-16624 1 Getkirby 1 Kirby 2024-11-21 3.5 LOW 5.4 MEDIUM
panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page.
CVE-2018-16623 1 Getkirby 1 Kirby 2024-11-21 3.5 LOW 4.8 MEDIUM
Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown.
CVE-2018-16622 1 Html-js 1 Doracms 2024-11-21 3.5 LOW 5.4 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent.
CVE-2018-16619 1 Sonatype 1 Nexus Repository Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Sonatype Nexus Repository Manager before 3.14 allows XSS.
CVE-2018-16607 1 Opmantek 1 Open-audit 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.
CVE-2018-16605 1 Dlink 2 Dir-600m, Dir-600m Firmware 2024-11-21 3.5 LOW 5.4 MEDIUM
D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page.
CVE-2018-16555 1 Siemens 8 Scalance S602, Scalance S602 Firmware, Scalance S612 and 5 more 2024-11-21 3.5 LOW 5.4 MEDIUM
A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At th ...

CVE-2018-16551 1 Lavalite 1 Lavalite 2024-11-21 3.5 LOW 5.4 MEDIUM
LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit.