Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16379 | 1 Digimute | 1 Ogma Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the "Theme/Theme Options" screen. | |||||
| CVE-2018-16374 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. | |||||
| CVE-2018-16372 | 1 Ideacms | 1 Ideacms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued. | |||||
| CVE-2018-16371 | 1 Pescms | 1 Pescms Team | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and g=Team&m=Bulletin&a=index&keyword=. | |||||
| CVE-2018-16363 | 1 Filemanagerpro | 1 File Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php. | |||||
| CVE-2018-16362 | 1 Mantisbt | 1 Source Integration | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages allows execution of arbitrary code (if CSP settings permit it) via repo_manage_page.php or list.php. | |||||
| CVE-2018-16361 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter. | |||||
| CVE-2018-16358 | 1 Dotclear | 1 Dotclear | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml. | |||||
| CVE-2018-16350 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. | |||||
| CVE-2018-16349 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. | |||||
| CVE-2018-16348 | 1 Seacms | 1 Seacms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name. | |||||
| CVE-2018-16347 | 1 Gleezcms | 1 Gleez Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize. | |||||
| CVE-2018-16346 | 1 Chemcms Project | 1 Chemcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| ChemCMS 1.0.6 has XSS via the "setting -> website information" field. | |||||
| CVE-2018-16342 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| ShowDoc v1.8.0 has XSS via a new page. | |||||
| CVE-2018-16330 | 1 Ipandao | 1 Editor.md | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element. | |||||
| CVE-2018-16327 | 1 Intelliants | 1 Subrion | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. | |||||
| CVE-2018-16326 | 1 Phpscriptsmall | 1 Olx Clone | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Olx Clone 3.4.2 has XSS. | |||||
| CVE-2018-16325 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. | |||||
| CVE-2018-16324 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. | |||||
| CVE-2018-16316 | 1 Portainer | 1 Portainer | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field. | |||||