Total
41664 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18419 | 1 Ardawan | 1 User Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI. | |||||
| CVE-2018-18417 | 1 Creativeitem | 1 Ekushey Project Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI. | |||||
| CVE-2018-18416 | 1 Pokkho | 1 Lango | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI. | |||||
| CVE-2018-18405 | 1 Jquery | 1 Jquery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry | |||||
| CVE-2018-18381 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments. | |||||
| CVE-2018-18379 | 1 Elementor | 1 Elementor Page Builder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS. | |||||
| CVE-2018-18374 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter. | |||||
| CVE-2018-18373 | 1 Schiocco | 1 Support Board - Chat And Help Desk | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action. | |||||
| CVE-2018-18372 | 1 Kaasoft | 1 Library Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Stored XSS vulnerability has been discovered in KAASoft Library CMS - Powerful Book Management System 2.1.1 via the /admin/book/create/ title parameter. | |||||
| CVE-2018-18370 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. | |||||
| CVE-2018-18362 | 1 Symantec | 1 Norton Password Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | |||||
| CVE-2018-18361 | 1 Nconsulting | 1 Nc-cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a value beginning with home_content and containing a crafted SRC attribute of an IMG element. | |||||
| CVE-2018-18324 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter. | |||||
| CVE-2018-18308 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area). | |||||
| CVE-2018-18296 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action. | |||||
| CVE-2018-18291 | 1 Asus | 2 Rt-ac58u, Rt-ac58u Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp, or internet.asp. | |||||
| CVE-2018-18290 | 1 Nconsulting | 1 Nc-cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality | |||||
| CVE-2018-18282 | 1 Zeit | 1 Next.js | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. | |||||
| CVE-2018-18276 | 1 Profiles Project | 1 Profiles | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| XSS exists in the ProFiles 1.5 component for Joomla! via the name or path parameter when creating a new folder in the administrative panel. | |||||
| CVE-2018-18271 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | |||||