Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-10118 |
Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php. Published: April 16, 2018; 5:58:10 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10109 |
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog. Published: April 16, 2018; 5:58:09 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10108 |
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php. Published: April 16, 2018; 5:58:09 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-10107 |
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php. Published: April 16, 2018; 5:58:09 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-10102 |
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. Published: April 16, 2018; 5:58:09 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-10097 |
XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email_address parameter. Published: April 16, 2018; 5:58:09 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-10096 |
joyplus-cms 1.6.0 has XSS via the device_name parameter in a manager/admin_ajax.php?action=save flag=add request. Published: April 13, 2018; 12:29:01 PM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2017-0365 |
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations. Published: April 13, 2018; 12:29:00 PM -0400 |
V4.0:(not available) V3.0: 4.7 MEDIUM V2.0: 2.6 LOW |
CVE-2018-6935 |
PHP Scripts Mall Student Profile Management System Script v2.0.6 has XSS via the Name field to list_student.php. Published: April 12, 2018; 6:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-6904 |
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action. Published: April 12, 2018; 6:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-6902 |
PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action. Published: April 12, 2018; 6:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-6900 |
PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page. Published: April 12, 2018; 6:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-6870 |
Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature. Published: April 12, 2018; 6:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-0151 |
Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Published: April 12, 2018; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-10073 |
joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword parameter. Published: April 12, 2018; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10068 |
The jDownloads extension before 3.2.59 for Joomla! has XSS. Published: April 12, 2018; 2:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-10061 |
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). Published: April 12, 2018; 12:29:00 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10060 |
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. Published: April 12, 2018; 12:29:00 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10059 |
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name. Published: April 12, 2018; 12:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-10052 |
iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter. Published: April 11, 2018; 4:29:00 PM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |