Search Results
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-19927 | Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases. Published: December 06, 2018; 6:29:01 PM -0500 | V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-19926 | Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO. Published: December 06, 2018; 6:29:01 PM -0500 | V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-19924 | An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address. Published: December 06, 2018; 6:29:01 PM -0500 | V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-19921 | Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. Published: December 06, 2018; 5:29:04 PM -0500 | V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-19919 | Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element. Published: December 06, 2018; 3:29:00 PM -0500 | V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-19915 | DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field. Published: December 06, 2018; 2:29:00 PM -0500 | V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-19914 | DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field. Published: December 06, 2018; 2:29:00 PM -0500 | V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-19913 | DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field. Published: December 06, 2018; 2:29:00 PM -0500 | V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-19892 | DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field. Published: December 05, 2018; 10:29:00 PM -0500 | V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-19877 | login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field. Published: December 05, 2018; 4:29:00 PM -0500 | V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-18642 | An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS. Published: December 04, 2018; 6:29:00 PM -0500 | V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-11348 | Two XSS vulnerabilities are located in the profile edition page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application. By injecting a JavaScript payload, these flaws could be used to manipulate a user's session. Published: December 04, 2018; 12:29:00 PM -0500 | V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16633 | Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title. Published: December 04, 2018; 11:29:00 AM -0500 | V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16631 | Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter. Published: December 04, 2018; 11:29:00 AM -0500 | V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16629 | panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. Published: December 04, 2018; 11:29:00 AM -0500 | V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16628 | panel/login in Kirby v2.5.12 allows XSS via a blog name. Published: December 04, 2018; 11:29:00 AM -0500 | V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-19849 | An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter. Published: December 04, 2018; 4:29:00 AM -0500 | V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-19836 | In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter. Published: December 03, 2018; 2:29:00 PM -0500 | V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-19835 | Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter. Published: December 03, 2018; 2:29:00 PM -0500 | V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-1002009 | There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3 via a GET request to the email variable. Published: December 03, 2018; 11:29:00 AM -0500 | V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |