Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-16629 | 1 Intelliants | 1 Subrion Cms | 2019-02-26 | 3.5 LOW | 4.8 MEDIUM |
panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. | |||||
CVE-2018-16630 | 1 Getkirby | 1 Kirby | 2019-02-26 | 3.5 LOW | 4.8 MEDIUM |
Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file. | |||||
CVE-2018-16628 | 1 Getkirby | 1 Kirby | 2019-02-26 | 3.5 LOW | 5.4 MEDIUM |
panel/login in Kirby v2.5.12 allows XSS via a blog name. | |||||
CVE-2018-11627 | 2 Redhat, Sinatrarb | 2 Cloudforms, Sinatra | 2019-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception. | |||||
CVE-2018-19506 | 1 Zurmo | 1 Zurmo | 2019-02-26 | 3.5 LOW | 4.8 MEDIUM |
Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI. | |||||
CVE-2018-19596 | 1 Zurmo | 1 Zurmo | 2019-02-26 | 3.5 LOW | 4.8 MEDIUM |
Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506. | |||||
CVE-2018-19508 | 1 Cmsimple | 1 Cmsimple | 2019-02-26 | 3.5 LOW | 4.8 MEDIUM |
CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI. | |||||
CVE-2018-19597 | 1 Cmsmadesimple | 1 Cms Made Simple | 2019-02-26 | 3.5 LOW | 4.8 MEDIUM |
CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798. | |||||
CVE-2010-2265 | 1 Microsoft | 3 Windows 2003 Server, Windows Server 2003, Windows Xp | 2019-02-26 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction. | |||||
CVE-2011-0096 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2019-02-26 | 4.3 MEDIUM | N/A |
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability." | |||||
CVE-2011-1894 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2019-02-26 | 4.3 MEDIUM | N/A |
The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability." | |||||
CVE-2009-0239 | 1 Microsoft | 3 Windows Search, Windows Server 2003, Windows Xp | 2019-02-26 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability." | |||||
CVE-2012-2005 | 2 Hp, Microsoft | 4 Insight Management Agents, Windows 2003 Server, Windows Server 2003 and 1 more | 2019-02-26 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-19905 | 1 Razorcms | 1 Razorcms | 2019-02-26 | 3.5 LOW | 5.4 MEDIUM |
HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter. | |||||
CVE-2018-19904 | 1 Xsltcms.org Project | 1 Xsltcms.org | 2019-02-26 | 4.3 MEDIUM | 6.1 MEDIUM |
Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page "body" field. | |||||
CVE-2015-5454 | 1 Nucleuscms | 1 Nucleus Cms | 2019-02-26 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item. | |||||
CVE-2018-19903 | 1 Xsltcms.org Project | 1 Xsltcms.org | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page title field. | |||||
CVE-2018-19507 | 1 Cmsimple | 1 Cmsimple | 2019-02-25 | 3.5 LOW | 4.8 MEDIUM |
CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action=array URI. | |||||
CVE-2018-19844 | 1 Frogcms Project | 1 Frogcms | 2019-02-25 | 3.5 LOW | 4.8 MEDIUM |
FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319. | |||||
CVE-2018-17302 | 1 Espocrm | 1 Espocrm | 2019-02-25 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message. |