Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-17595 |
In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI. Published: October 02, 2018; 2:29:02 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17594 |
AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Published: October 02, 2018; 2:29:02 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17593 |
AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Published: October 02, 2018; 2:29:02 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17591 |
AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Published: October 02, 2018; 2:29:01 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17590 |
AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Published: October 02, 2018; 2:29:01 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17589 |
AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Published: October 02, 2018; 2:29:01 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17588 |
AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Published: October 02, 2018; 2:29:01 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17587 |
AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. Published: October 02, 2018; 2:29:01 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-15563 |
_core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter. Published: October 02, 2018; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17874 |
ExpressionEngine before 4.3.5 has reflected XSS. Published: October 01, 2018; 7:29:01 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17868 |
DASAN H660GW devices have Stored XSS in the Port Forwarding functionality. Published: October 01, 2018; 7:29:00 PM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2015-9270 |
XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter. Published: October 01, 2018; 7:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17835 |
An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI. Published: October 01, 2018; 4:29:01 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-17832 |
XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter. Published: October 01, 2018; 4:29:01 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-17830 |
The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring. Published: October 01, 2018; 4:29:01 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-17218 |
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function. Published: September 30, 2018; 9:29:00 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-17574 |
An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project. Published: September 28, 2018; 5:29:00 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-17571 |
Vanilla before 2.6.1 allows XSS via the email field of a profile. Published: September 28, 2018; 1:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16277 |
The Image Import function in XWiki through 10.7 has XSS. Published: September 27, 2018; 8:29:01 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-17316 |
On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. Published: September 26, 2018; 6:29:02 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |