Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14513 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI. | |||||
| CVE-2018-14512 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server" screen, the XSS payload is triggered. | |||||
| CVE-2018-14504 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar" onclick="alert(1)'). | |||||
| CVE-2018-14503 | 1 Coremail | 1 Coremail Xt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | |||||
| CVE-2018-14500 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter. | |||||
| CVE-2018-14499 | 1 Hyphp | 1 Hybbs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was found in HYBBS through 2016-03-08. There is an XSS vulnerablity via an article title to post.html. | |||||
| CVE-2018-14497 | 1 Tendacn | 2 D152, D152 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Tenda D152 ADSL routers allow XSS via a crafted SSID. | |||||
| CVE-2018-14493 | 1 Opmantek | 1 Open-audit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. | |||||
| CVE-2018-14486 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML. | |||||
| CVE-2018-14481 | 1 Osclass | 1 Osclass | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280. | |||||
| CVE-2018-14478 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter. | |||||
| CVE-2018-14476 | 1 Metalgenix | 1 Genixcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation. | |||||
| CVE-2018-14430 | 1 Mondula | 1 Multi Step Form | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable with an fw_send_email action to wp-admin/admin-ajax.php. | |||||
| CVE-2018-14425 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1. | |||||
| CVE-2018-14422 | 1 Sanscms | 1 Sanscms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| blog/index.php in SansCMS 0.7 has XSS via the q parameter. | |||||
| CVE-2018-14419 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page. | |||||
| CVE-2018-14415 | 1 Icmsdev | 1 Icms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen. | |||||
| CVE-2018-14397 | 1 Cremecrm | 1 Cremecrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Creme CRM 1.6.12. The organization creation page is affected by 9 stored cross-site scripting vulnerabilities involving the name, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. | |||||
| CVE-2018-14396 | 1 Cremecrm | 1 Cremecrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. | |||||
| CVE-2018-14392 | 1 Mybb | 1 New Threads | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The New Threads plugin before 1.2 for MyBB has XSS. | |||||