Total
41666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19186 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter. | |||||
| CVE-2018-19178 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886. | |||||
| CVE-2018-19170 | 1 Jpress | 1 Jpress | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the web_name parameter. | |||||
| CVE-2018-19146 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element. | |||||
| CVE-2018-19145 | 1 S-cms | 1 S-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter. | |||||
| CVE-2018-19142 | 1 Otrs | 1 Open Ticket Request System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL. | |||||
| CVE-2018-19141 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled. | |||||
| CVE-2018-19137 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter. | |||||
| CVE-2018-19136 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter. | |||||
| CVE-2018-19131 | 1 Squid-cache | 1 Squid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors. | |||||
| CVE-2018-19092 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie. | |||||
| CVE-2018-19091 | 1 Tianti Project | 1 Tianti | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter. | |||||
| CVE-2018-19090 | 1 Tianti Project | 1 Tianti | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| tianti 2.3 has stored XSS in the article management module via an article title. | |||||
| CVE-2018-19089 | 1 Tianti Project | 1 Tianti | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp. | |||||
| CVE-2018-19083 | 1 Wecenter | 1 Wecenter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialchars_decode function via the /?/publish/ajax/publish_question/ question_content parameter. | |||||
| CVE-2018-19080 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS. | |||||
| CVE-2018-19057 | 1 Sparksuite | 1 Simplemde | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element. | |||||
| CVE-2018-19056 | 1 Ipandao | 1 Editor.md | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled during construction of an A element. | |||||
| CVE-2018-19051 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter. | |||||
| CVE-2018-19050 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter. | |||||