Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-16773 |
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field. Published: September 10, 2018; 12:29:01 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16772 |
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new. Published: September 10, 2018; 12:29:01 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16759 |
The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event. Published: September 09, 2018; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16736 |
In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings). Published: September 09, 2018; 8:29:00 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16730 |
\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. Published: September 08, 2018; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16725 |
An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component." Published: September 08, 2018; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-9283 |
An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 stored Cross-Site Scripting (XSS) vulnerabilities in the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters in the contact creation and modification page. The payload is stored within the application database and allows the execution of JavaScript code each time a client visit an infected page. Published: September 07, 2018; 6:29:02 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16363 |
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php. Published: September 07, 2018; 6:29:01 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16655 |
Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php. Published: September 07, 2018; 1:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16654 |
Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1. Published: September 07, 2018; 1:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16653 |
rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter. Published: September 07, 2018; 1:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16285 |
The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php. Published: September 06, 2018; 7:29:01 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-1000671 |
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available. Published: September 06, 2018; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2018-1000665 |
Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14. Published: September 06, 2018; 1:29:01 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16459 |
An unescaped payload in exceljs <v1.6 allows a possible XSS via cell value when worksheet is displayed in browser. Published: September 06, 2018; 9:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16551 |
LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. Published: September 05, 2018; 6:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16381 |
e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. Published: September 05, 2018; 5:29:03 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16361 |
An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter. Published: September 05, 2018; 5:29:03 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-15677 |
The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF. Published: September 05, 2018; 5:29:01 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16516 |
helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL. Published: September 05, 2018; 10:29:01 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |