Total
29081 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10318 | 1 Frogcms Project | 1 Frogcms | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata. | |||||
| CVE-2018-10391 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI. | |||||
| CVE-2018-10307 | 1 Ilias | 1 Ilias | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception. | |||||
| CVE-2018-6527 | 2 D-link, Dlink | 6 Dir-860l Firmware, Dir-860l, Dir-865l and 3 more | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. | |||||
| CVE-2018-3764 | 1 Nextcloud | 1 Contacts | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins. | |||||
| CVE-2016-10537 | 1 Backbone Project | 1 Backbone | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as `<` to `<`. | |||||
| CVE-2017-14536 | 1 Netfortris | 1 Trixbox | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php. | |||||
| CVE-2017-7427 | 1 Netiq | 1 Identity Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the Object Selector, via vdtData in the Version discovery and via nextFrame in the Object Inspector and via Host GUID in the System details plugins. | |||||
| CVE-2018-1000529 | 1 Grails | 1 Grails Fields | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8. | |||||
| CVE-2018-10580 | 1 Latest Posts On Profile Project | 1 Latest Posts On Profile | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread subject) field. | |||||
| CVE-2018-11011 | 1 Halo | 1 Halo | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java. | |||||
| CVE-2018-0251 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer (SSL) VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of that portal on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the portal or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco ASA Software: 3000 Series Industrial Security Appliances, Adaptive Security Virtual Appliance (ASAv), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches, ASA Services Module for Cisco 7600 Series Routers. Cisco Bug IDs: CSCvh20742. | |||||
| CVE-2018-6882 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. | |||||
| CVE-2012-6346 | 1 Fortinet | 1 Fortiweb | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate. | |||||
| CVE-2017-18121 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser. | |||||
| CVE-2018-8078 | 1 Yzmcms | 1 Yzmcms | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html. | |||||
| CVE-2018-1376 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137777. | |||||
| CVE-2018-13256 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter. | |||||
| CVE-2018-0602 | 1 Email Subscribers \& Newsletters Project | 1 Email Subscribers \& Newsletters | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-12711 | 1 Joomla | 1 Joomla\! | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL. | |||||