Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-10566 |
XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7. Published: May 02, 2018; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-10565 |
XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7. Published: May 02, 2018; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-10564 |
XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. Published: May 02, 2018; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-10563 |
An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7). Published: May 02, 2018; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-10294 |
Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS. Published: May 02, 2018; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-10680 |
Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting it is "just a functional bug. Published: May 02, 2018; 3:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-10665 |
ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files. Published: May 02, 2018; 1:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-10259 |
An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user. Published: May 01, 2018; 3:29:01 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10365 |
An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB. When editing a thread, the user is given the option to convert the thread to a link. The thread link input box is not properly sanitized. Published: May 01, 2018; 12:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10364 |
BigTree before 4.2.22 has XSS in the Users management page via the name or company field. Published: April 30, 2018; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10570 |
Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field. Published: April 30, 2018; 12:29:00 PM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10554 |
An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter. Published: April 29, 2018; 11:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10547 |
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. Published: April 29, 2018; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-10527 |
EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields are affected: title, keyword, abstract, and content, as demonstrated by the /admin/index/index.html#listarticle URI. Published: April 28, 2018; 12:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-7465 |
An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the </textarea>, leading to a possible XSS. Published: April 26, 2018; 3:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10430 |
An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting->site setting" of admin/index.php. Published: April 26, 2018; 1:29:00 PM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2017-9275 |
NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is susceptible to an XSS attack. Published: April 26, 2018; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-6518 |
Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php. Published: April 26, 2018; 10:29:00 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10422 |
An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field. Published: April 26, 2018; 1:29:00 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10391 |
An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI. Published: April 26, 2018; 1:29:00 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |