Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-7547 |
lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the /admin.php?s=/admin/config/groupsave.html URI. Published: February 27, 2018; 4:29:00 PM -0500 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2012-3536 |
Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3. Published: February 27, 2018; 2:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-17478 |
An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into a text field in Designer Studio, after establishing context. Designer Studio is the developer workbench for Pega Platform. That XSS payload will execute when other developers visit the affected pages. Published: February 27, 2018; 10:29:00 AM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-4876 |
Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function. Published: February 27, 2018; 12:29:00 AM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-0908 |
Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege Vulnerability." Published: February 26, 2018; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-9425 |
The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action. Published: February 25, 2018; 11:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-7476 |
controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '<' or '>' character. Published: February 25, 2018; 2:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-7447 |
mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability because the fields claimed to be vulnerable to XSS are only available to administrators who are supposed to have access to add scripts Published: February 23, 2018; 9:29:06 PM -0500 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2018-7302 |
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS. Published: February 21, 2018; 3:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-7280 |
The Ninja Forms plugin before 3.2.14 for WordPress has XSS. Published: February 21, 2018; 11:29:01 AM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-7261 |
There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields). Published: February 21, 2018; 11:29:01 AM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2016-0348 |
Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111813. Published: February 21, 2018; 11:29:00 AM -0500 |
V4.0:(not available) V3.0: 8.0 HIGH V2.0: 6.0 MEDIUM |
CVE-2013-4891 |
The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag. Published: February 21, 2018; 11:29:00 AM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-7278 |
An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP. Published: February 20, 2018; 8:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-7277 |
An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP. Published: February 20, 2018; 8:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-7265 |
Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that enables stored XSS. Published: February 20, 2018; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-6941 |
A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS. Published: February 20, 2018; 10:29:00 AM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-6940 |
A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF. Published: February 20, 2018; 10:29:00 AM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-16356 |
Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption parameter. Published: February 20, 2018; 10:29:00 AM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-7198 |
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page. Published: February 17, 2018; 10:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |