Total
41658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16484 | 1 M-server Project | 1 M-server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names. | |||||
| CVE-2018-16481 | 1 Html-pages Project | 1 Html-pages | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering. | |||||
| CVE-2018-16480 | 1 Public Project | 1 Public | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering. | |||||
| CVE-2018-16474 | 1 Tianma-static Project | 1 Tianma-static | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored xss in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary javascript. | |||||
| CVE-2018-16471 | 2 Debian, Rack Project | 2 Debian Linux, Rack | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable. | |||||
| CVE-2018-16468 | 2 Debian, Loofah Project | 2 Debian Linux, Loofah | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | |||||
| CVE-2018-16459 | 1 Exceljs Project | 1 Exceljs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An unescaped payload in exceljs <v1.6 allows a possible XSS via cell value when worksheet is displayed in browser. | |||||
| CVE-2018-16456 | 1 Phpscriptsmall | 1 Website Seller Script | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a keyword. NOTE: This may overlap with CVE-2018-6870 which has XSS via the Listings Search feature. | |||||
| CVE-2018-16455 | 1 Marketplace Script Project | 1 Marketplace Script | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a keyword. | |||||
| CVE-2018-16453 | 1 Domain Lookup Script Project | 1 Domain Lookup Script | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the search bar. | |||||
| CVE-2018-16450 | 1 Craftedweb Project | 1 Craftedweb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CraftedWeb through 2013-09-24 has reflected XSS via the p parameter. | |||||
| CVE-2018-16407 | 1 Mayan-edms | 1 Mayan Edms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled. | |||||
| CVE-2018-16406 | 1 Mayan-edms | 1 Mayan Edms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label. | |||||
| CVE-2018-16405 | 1 Mayan-edms | 1 Mayan Edms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS. | |||||
| CVE-2018-16381 | 1 E107 | 1 E107 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. | |||||
| CVE-2018-16379 | 1 Digimute | 1 Ogma Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the "Theme/Theme Options" screen. | |||||
| CVE-2018-16374 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. | |||||
| CVE-2018-16372 | 1 Ideacms | 1 Ideacms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued. | |||||
| CVE-2018-16371 | 1 Pescms | 1 Pescms Team | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and g=Team&m=Bulletin&a=index&keyword=. | |||||
| CVE-2018-16363 | 1 Filemanagerpro | 1 File Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php. | |||||