Total
35377 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20150 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. | |||||
CVE-2018-20149 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data. | |||||
CVE-2018-20141 | 1 Abantecart | 1 Abantecart | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel--accessories?sort= substring. | |||||
CVE-2018-20140 | 1 Zenphoto | 1 Zenphoto | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters. | |||||
CVE-2018-20138 | 1 Readymadeb2bscript | 1 Entrepreneur B2b Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via Account Settings fields such as FirstName and LastName, a similar issue to CVE-2018-14541. | |||||
CVE-2018-20137 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI. | |||||
CVE-2018-20136 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI. | |||||
CVE-2018-20121 | 1 Podcastgenerator | 1 Podcast Generator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter. | |||||
CVE-2018-20101 | 1 Codection | 1 Import Users From Csv With Meta | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell. | |||||
CVE-2018-20071 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controlled files via a crafted HTML page. | |||||
CVE-2018-20017 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI. | |||||
CVE-2018-20012 | 1 Phpcmf | 1 Phpcmf | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI. | |||||
CVE-2018-20011 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field. | |||||
CVE-2018-20010 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field. | |||||
CVE-2018-20009 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field. | |||||
CVE-2018-20006 | 1 Phpok | 1 Phpok | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI). | |||||
CVE-2018-1984 | 1 Ibm | 1 Rational Team Concert | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154137. | |||||
CVE-2018-1983 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Team Concert | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154136. | |||||
CVE-2018-1982 | 1 Ibm | 1 Rational Team Concert | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154135. | |||||
CVE-2018-1975 | 1 Ibm | 1 Rational Doors Web Access | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
IBM Rational DOORS Web Access 9.5.1 through 9.5.2.9, and 9.6 through 9.6.1.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153916. |