Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16653 | 1 Rejucms Project | 1 Rejucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter. | |||||
| CVE-2018-16639 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation. | |||||
| CVE-2018-16638 | 1 Modx | 1 Evolution Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Evolution CMS 1.4.x allows XSS via the manager/ search parameter. | |||||
| CVE-2018-16637 | 1 Modx | 1 Evolution Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI. | |||||
| CVE-2018-16636 | 1 Nucleuscms | 1 Nucleus Cms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter. | |||||
| CVE-2018-16635 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php. | |||||
| CVE-2018-16633 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title. | |||||
| CVE-2018-16632 | 1 Jupo | 1 Mezzanine | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/. | |||||
| CVE-2018-16631 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter. | |||||
| CVE-2018-16630 | 1 Getkirby | 1 Kirby | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file. | |||||
| CVE-2018-16629 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. | |||||
| CVE-2018-16628 | 1 Getkirby | 1 Kirby | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| panel/login in Kirby v2.5.12 allows XSS via a blog name. | |||||
| CVE-2018-16626 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name. | |||||
| CVE-2018-16625 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. | |||||
| CVE-2018-16624 | 1 Getkirby | 1 Kirby | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page. | |||||
| CVE-2018-16623 | 1 Getkirby | 1 Kirby | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown. | |||||
| CVE-2018-16622 | 1 Html-js | 1 Doracms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent. | |||||
| CVE-2018-16619 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sonatype Nexus Repository Manager before 3.14 allows XSS. | |||||
| CVE-2018-16607 | 1 Opmantek | 1 Open-audit | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field. | |||||
| CVE-2018-16605 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page. | |||||