U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): xss
There are 7,918 matching records.
Displaying matches 6,561 through 6,580.
Vuln ID Summary CVSS Severity
CVE-2018-14869

PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile.

Published: August 06, 2018; 5:29:00 PM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2018-14977

An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070.

Published: August 06, 2018; 11:29:01 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-14976

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS.

Published: August 06, 2018; 11:29:01 AM -0400 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-14975

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS.

Published: August 06, 2018; 11:29:01 AM -0400 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-14974

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS.

Published: August 06, 2018; 11:29:01 AM -0400 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-14973

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS.

Published: August 06, 2018; 11:29:00 AM -0400 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-14972

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS.

Published: August 06, 2018; 11:29:00 AM -0400 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-14971

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS.

Published: August 06, 2018; 11:29:00 AM -0400 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-14970

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS.

Published: August 06, 2018; 11:29:00 AM -0400 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-14969

An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS.

Published: August 06, 2018; 11:29:00 AM -0400 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2018-14964

An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page.

Published: August 06, 2018; 11:29:00 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2018-14962

zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php.

Published: August 06, 2018; 11:29:00 AM -0400 		V4.0:(not available)
 V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-12614

It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.

Published: August 06, 2018; 9:29:00 AM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-14955

The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute).

Published: August 05, 2018; 2:29:00 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-14954

The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute.

Published: August 05, 2018; 2:29:00 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-14953

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack.

Published: August 05, 2018; 2:29:00 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-14952

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack.

Published: August 05, 2018; 2:29:00 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-14951

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack.

Published: August 05, 2018; 2:29:00 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-14950

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack.

Published: August 05, 2018; 2:29:00 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-14937

The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field.

Published: August 04, 2018; 9:29:00 PM -0400 		V4.0:(not available)
 V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW