Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-10268 |
An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\api\controller\User.php avatar parameter. Published: April 21, 2018; 9:29:01 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-15640 |
app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter. Published: April 21, 2018; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10250 |
iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search. Published: April 20, 2018; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10230 |
Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455. Published: April 19, 2018; 12:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-10227 |
MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter. Published: April 19, 2018; 4:29:00 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10221 |
An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the administrator) logs in, he can add a new TAGS with the XSS payload. Published: April 19, 2018; 4:29:00 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10110 |
D-Link DIR-615 T1 devices allow XSS via the Add User feature. Published: April 18, 2018; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-1000160 |
RisingStack protect version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in isXss() function in lib/rules/xss.js that can result in dangerous XSS strings being validated as safe. This attack appears to be exploitable via A number of XSS strings(26) detailed in the GitHub issue #16. Published: April 18, 2018; 3:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-8831 |
A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist. Published: April 18, 2018; 1:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-9999 |
In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend. Published: April 18, 2018; 4:29:00 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-9990 |
In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead. Published: April 18, 2018; 4:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-9987 |
In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications. Published: April 18, 2018; 4:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-9986 |
In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor. Published: April 18, 2018; 4:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-8071 |
Mautic before v2.13.0 has stored XSS via a theme config file. Published: April 18, 2018; 4:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-10138 |
The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter. Published: April 16, 2018; 4:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-10136 |
iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI. Published: April 16, 2018; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-10135 |
iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel. Published: April 16, 2018; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-10128 |
An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php. Published: April 16, 2018; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-9169 |
Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit.php app_id parameter. The component must be accessed directly by an administrator, or through CSRF. Published: April 16, 2018; 5:58:12 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10121 |
plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php?id=pages&action=edit_page&name=error404 (aka Edit 404 page) action. Published: April 16, 2018; 5:58:10 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |