Total
38242 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19554 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
| An issue was discovered in Dotcms through 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName parameter in html/js/dotcms/dijit/image/image_tool.jsp. | ||||
| CVE-2018-19547 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | N/A |
| JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter. | ||||
| CVE-2018-19546 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | N/A |
| JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter. | ||||
| CVE-2018-19527 | 1 I4 | 1 Ai Si Assistant | 2024-11-21 | N/A |
| i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings. | ||||
| CVE-2018-19525 | 1 Systrome | 6 Cumilon Isg-600c, Cumilon Isg-600c Firmware, Cumilon Isg-600h and 3 more | 2024-11-21 | N/A |
| An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave with resultant XSS because of a lack of csrf token validation. | ||||
| CVE-2018-19509 | 1 Ens | 1 Webgalamb | 2024-11-21 | N/A |
| wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS. | ||||
| CVE-2018-19508 | 1 Cmsimple | 1 Cmsimple | 2024-11-21 | N/A |
| CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI. | ||||
| CVE-2018-19507 | 1 Cmsimple | 1 Cmsimple | 2024-11-21 | N/A |
| CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action=array URI. | ||||
| CVE-2018-19506 | 1 Zurmo | 1 Zurmo | 2024-11-21 | N/A |
| Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI. | ||||
| CVE-2018-19498 | 1 Simplenia | 1 Pages | 2024-11-21 | N/A |
| The Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XSS. | ||||
| CVE-2018-19493 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding. | ||||
| CVE-2018-19469 | 1 Articlecms Project | 1 Articlecms | 2024-11-21 | N/A |
| ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter. | ||||
| CVE-2018-19465 | 1 Maccms | 1 Maccms | 2024-11-21 | N/A |
| Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html. | ||||
| CVE-2018-19464 | 1 Dismall | 1 Discuz\! | 2024-11-21 | 4.8 Medium |
| Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code. | ||||
| CVE-2018-19461 | 1 Phome | 1 Empirecms | 2024-11-21 | N/A |
| admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php. | ||||
| CVE-2018-19439 | 1 Oracle | 1 Secure Global Desktop | 2024-11-21 | N/A |
| XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter. | ||||
| CVE-2018-19433 | 1 Showdoc | 1 Showdoc | 2024-11-21 | N/A |
| ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value. | ||||
| CVE-2018-19414 | 1 Plikli | 1 Plikli Cms | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to groups.php; (2) username parameter to login.php; or (3) date parameter to search.php. | ||||
| CVE-2018-19394 | 1 Cobham | 4 Satcom Sailor 800, Satcom Sailor 800 Firmware, Satcom Sailor 900 and 1 more | 2024-11-21 | N/A |
| Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file. | ||||
| CVE-2018-19391 | 1 Cobham | 4 Satcom Sailor 250, Satcom Sailor 250 Firmware, Satcom Sailor 500 and 1 more | 2024-11-21 | N/A |
| Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field. | ||||