Total
38102 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16347 | 1 Gleezcms | 1 Gleez Cms | 2024-11-21 | N/A |
| An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/imagecache/resize. | ||||
| CVE-2018-16346 | 1 Chemcms Project | 1 Chemcms | 2024-11-21 | N/A |
| ChemCMS 1.0.6 has XSS via the "setting -> website information" field. | ||||
| CVE-2018-16342 | 1 Showdoc | 1 Showdoc | 2024-11-21 | N/A |
| ShowDoc v1.8.0 has XSS via a new page. | ||||
| CVE-2018-16330 | 1 Ipandao | 1 Editor.md | 2024-11-21 | N/A |
| Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element. | ||||
| CVE-2018-16327 | 1 Intelliants | 1 Subrion | 2024-11-21 | N/A |
| There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. | ||||
| CVE-2018-16326 | 1 Phpscriptsmall | 1 Olx Clone | 2024-11-21 | N/A |
| PHP Scripts Mall Olx Clone 3.4.2 has XSS. | ||||
| CVE-2018-16325 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | N/A |
| There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. | ||||
| CVE-2018-16324 | 1 Icewarp | 1 Mail Server | 2024-11-21 | N/A |
| In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. | ||||
| CVE-2018-16316 | 1 Portainer | 1 Portainer | 2024-11-21 | N/A |
| A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field. | ||||
| CVE-2018-16313 | 1 Bludit | 1 Bludit | 2024-11-21 | N/A |
| Bludit 2.3.4 allows XSS via a user name. | ||||
| CVE-2018-16298 | 1 1234n | 1 Minicms | 2024-11-21 | N/A |
| An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php?tag= XSS vulnerability for a state=delete, state=draft, or state=publish request. | ||||
| CVE-2018-16285 | 1 Userproplugin | 1 Userpro | 2024-11-21 | N/A |
| The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php. | ||||
| CVE-2018-16277 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A |
| The Image Import function in XWiki through 10.7 has XSS. | ||||
| CVE-2018-16259 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | N/A |
| There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator | ||||
| CVE-2018-16258 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | N/A |
| There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator | ||||
| CVE-2018-16257 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | N/A |
| There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator | ||||
| CVE-2018-16256 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | N/A |
| There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator | ||||
| CVE-2018-16255 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | N/A |
| There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator | ||||
| CVE-2018-16254 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | N/A |
| There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator | ||||
| CVE-2018-16250 | 1 Creatiwity | 1 Witycms | 2024-11-21 | N/A |
| The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies the presence of XSS at two input points for user information, with the "first name" and "last name" parameters. | ||||