Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-16450 |
CraftedWeb through 2013-09-24 has reflected XSS via the p parameter. Published: September 04, 2018; 12:29:01 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16407 |
An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled. Published: September 03, 2018; 3:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16406 |
An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label. Published: September 03, 2018; 3:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16405 |
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS. Published: September 03, 2018; 3:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16379 |
Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the "Theme/Theme Options" screen. Published: September 02, 2018; 8:29:01 PM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16374 |
Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. Published: September 02, 2018; 8:29:00 PM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16372 |
The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued. Published: September 02, 2018; 8:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16371 |
PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and g=Team&m=Bulletin&a=index&keyword=. Published: September 02, 2018; 8:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16358 |
A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.php in the media manager in Dotclear through 2.14.1 allows remote authenticated users to upload HTML content containing an XSS payload with the file extension .ahtml. Published: September 02, 2018; 6:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16350 |
WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic form[statcode] parameter. Published: September 02, 2018; 2:29:01 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16349 |
WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add form[remark] parameter. Published: September 02, 2018; 2:29:01 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16348 |
SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name. Published: September 02, 2018; 2:29:01 PM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16347 |
An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize. Published: September 02, 2018; 2:29:01 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16346 |
ChemCMS 1.0.6 has XSS via the "setting -> website information" field. Published: September 02, 2018; 2:29:01 PM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16342 |
ShowDoc v1.8.0 has XSS via a new page. Published: September 02, 2018; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16330 |
Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element. Published: September 01, 2018; 11:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16327 |
There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. Published: September 01, 2018; 6:29:00 PM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-16325 |
There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. Published: September 01, 2018; 6:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16324 |
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. Published: September 01, 2018; 2:29:01 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-16313 |
Bludit 2.3.4 allows XSS via a user name. Published: September 01, 2018; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |