Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-15570 |
In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter. Published: August 19, 2018; 9:29:01 PM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-15567 |
CMSUno before 1.5.3 has XSS via the title field. Published: August 19, 2018; 9:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-15566 |
tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter. Published: August 19, 2018; 9:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-15559 |
The editor in Xiuno BBS 4.0.4 allows stored XSS. Published: August 19, 2018; 8:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-14888 |
inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin before 3.1.0 for MyBB allows XSS via a post or thread subject. Published: August 14, 2018; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-3781 |
A missing sanitization of search results for an autocomplete field in NextCloud Talk <3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users. Published: August 13, 2018; 3:29:01 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-3780 |
A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users. Published: August 13, 2018; 3:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-14850 |
Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image. Published: August 13, 2018; 1:29:01 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-14849 |
Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php. Published: August 13, 2018; 1:29:01 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10569 |
An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. There is XSS in an SSID field. Published: August 13, 2018; 1:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-15190 |
PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address field. Published: August 10, 2018; 1:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-14837 |
Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI. Published: August 10, 2018; 12:29:00 PM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-15189 |
PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile. Published: August 10, 2018; 11:29:01 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-15184 |
PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has Stored XSS via the USERNAME field, a related issue to CVE-2018-6795. Published: August 09, 2018; 3:29:01 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-15183 |
PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script 2.0.6 has Stored XSS via the Full Name and Title fields. Published: August 09, 2018; 3:29:01 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-15182 |
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields. Published: August 09, 2018; 3:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-15181 |
JioFi 4G Hotspot M2S devices allow attackers to cause a denial of service (secure configuration outage) via an XSS payload in the SSID name and Security Key fields. Published: August 09, 2018; 3:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 6.8 MEDIUM |
CVE-2018-15199 |
AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action. Published: August 07, 2018; 11:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-15130 |
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter. Published: August 07, 2018; 10:29:00 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-15129 |
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter. Published: August 07, 2018; 3:29:00 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |