Total
38032 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19191 | 1 Webmin | 1 Webmin | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter. | |||||
| CVE-2018-19190 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php error_msg parameter. | |||||
| CVE-2018-19189 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in an error.php echo statement. | |||||
| CVE-2018-19188 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the success.php fort_id parameter. | |||||
| CVE-2018-19187 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement. | |||||
| CVE-2018-19186 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter. | |||||
| CVE-2018-19178 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886. | |||||
| CVE-2018-19170 | 1 Jpress | 1 Jpress | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the web_name parameter. | |||||
| CVE-2018-19146 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element. | |||||
| CVE-2018-19145 | 1 S-cms | 1 S-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter. | |||||
| CVE-2018-19142 | 1 Otrs | 1 Open Ticket Request System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL. | |||||
| CVE-2018-19141 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled. | |||||
| CVE-2018-19137 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter. | |||||
| CVE-2018-19136 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter. | |||||
| CVE-2018-19131 | 1 Squid-cache | 1 Squid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors. | |||||
| CVE-2018-19092 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie. | |||||
| CVE-2018-19091 | 1 Tianti Project | 1 Tianti | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter. | |||||
| CVE-2018-19090 | 1 Tianti Project | 1 Tianti | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| tianti 2.3 has stored XSS in the article management module via an article title. | |||||
| CVE-2018-19089 | 1 Tianti Project | 1 Tianti | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp. | |||||
| CVE-2018-19083 | 1 Wecenter | 1 Wecenter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialchars_decode function via the /?/publish/ajax/publish_question/ question_content parameter. | |||||