Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-18943 |
An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI. Published: November 05, 2018; 4:29:00 AM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-18939 |
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field. Published: November 05, 2018; 4:29:00 AM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-18938 |
An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field. Published: November 05, 2018; 4:29:00 AM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-18927 |
An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. Published: November 04, 2018; 1:29:00 AM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-18919 |
The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area. Published: November 04, 2018; 1:29:00 AM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-18909 |
xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view. Published: November 03, 2018; 12:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-6343 |
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of script code within the context of the affected user. Published: October 31, 2018; 9:29:00 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-18868 |
No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter. Published: October 31, 2018; 2:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-18841 |
XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter. Published: October 30, 2018; 2:29:01 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-18840 |
XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter. Published: October 30, 2018; 2:29:01 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-18825 |
Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login. A crafted code is mishandled during rendering of the login log. Published: October 30, 2018; 2:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-18783 |
XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter. Published: October 29, 2018; 8:29:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-18782 |
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter. Published: October 29, 2018; 8:29:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-18781 |
DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter. Published: October 29, 2018; 8:29:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-18745 |
An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Menu.php?lgid=1 during editing. Published: October 29, 2018; 8:29:09 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-18744 |
An XSS issue was discovered in SEMCMS 3.4 via the fifth text box to the admin/SEMCMS_Main.php URI. Published: October 29, 2018; 8:29:09 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-18743 |
An XSS issue was discovered in SEMCMS 3.4 via the second text field to the admin/SEMCMS_Categories.php?pid=1&lgid=1 URI. Published: October 29, 2018; 8:29:09 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-18741 |
An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Download.php?lgid=1 during editing. Published: October 29, 2018; 8:29:08 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-18740 |
An XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMS_Link.php?lgid=1 URI. Published: October 29, 2018; 8:29:08 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-18739 |
An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Products.php?lgid=1 Keywords field. Published: October 29, 2018; 8:29:08 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |