Total
38234 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19170 | 1 Jpress | 1 Jpress | 2024-11-21 | N/A |
| In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the web_name parameter. | ||||
| CVE-2018-19146 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | N/A |
| Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element. | ||||
| CVE-2018-19145 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A |
| An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter. | ||||
| CVE-2018-19142 | 1 Otrs | 1 Open Ticket Request System | 2024-11-21 | N/A |
| Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL. | ||||
| CVE-2018-19141 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2024-11-21 | N/A |
| Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled. | ||||
| CVE-2018-19137 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter. | ||||
| CVE-2018-19136 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter. | ||||
| CVE-2018-19131 | 1 Squid-cache | 1 Squid | 2024-11-21 | N/A |
| Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors. | ||||
| CVE-2018-19092 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie. | ||||
| CVE-2018-19091 | 1 Tianti Project | 1 Tianti | 2024-11-21 | N/A |
| tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter. | ||||
| CVE-2018-19090 | 1 Tianti Project | 1 Tianti | 2024-11-21 | N/A |
| tianti 2.3 has stored XSS in the article management module via an article title. | ||||
| CVE-2018-19089 | 1 Tianti Project | 1 Tianti | 2024-11-21 | N/A |
| tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp. | ||||
| CVE-2018-19083 | 1 Wecenter | 1 Wecenter | 2024-11-21 | N/A |
| WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialchars_decode function via the /?/publish/ajax/publish_question/ question_content parameter. | ||||
| CVE-2018-19080 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2024-11-21 | N/A |
| An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS. | ||||
| CVE-2018-19057 | 1 Sparksuite | 1 Simplemde | 2024-11-21 | N/A |
| SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element. | ||||
| CVE-2018-19056 | 1 Ipandao | 1 Editor.md | 2024-11-21 | N/A |
| pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled during construction of an A element. | ||||
| CVE-2018-19051 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter. | ||||
| CVE-2018-19050 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter. | ||||
| CVE-2018-19048 | 1 Mycolorway | 1 Simditor | 2024-11-21 | N/A |
| Simditor through 2.3.21 allows DOM XSS via an onload attribute within a malformed SVG element. | ||||
| CVE-2018-19041 | 1 Media File Manager Project | 1 Media File Manager | 2024-11-21 | N/A |
| The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI. | ||||