Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-19845 | 1 Get-simple | 1 Getsimple Cms | 2019-02-25 | 3.5 LOW | 5.4 MEDIUM |
There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. | |||||
CVE-2018-19901 | 1 No-cms Project | 1 No-cms | 2019-02-25 | 3.5 LOW | 4.8 MEDIUM |
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter. | |||||
CVE-2018-19902 | 1 No-cms Project | 1 No-cms | 2019-02-25 | 3.5 LOW | 4.8 MEDIUM |
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter. | |||||
CVE-2018-19918 | 1 Cuppacms | 1 Cuppacms | 2019-02-25 | 3.5 LOW | 5.4 MEDIUM |
CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI. | |||||
CVE-2018-19600 | 1 Rhymix | 1 Rhymix | 2019-02-25 | 3.5 LOW | 4.8 MEDIUM |
Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload. | |||||
CVE-2018-17301 | 1 Espocrm | 1 Espocrm | 2019-02-25 | 3.5 LOW | 5.4 MEDIUM |
Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel. | |||||
CVE-2019-9142 | 1 B3log | 1 Symphony | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java. | |||||
CVE-2018-19906 | 1 Razorcms | 1 Razorcms | 2019-02-25 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter. | |||||
CVE-2019-9078 | 1 Zzcms | 1 Zzcms | 2019-02-25 | 3.5 LOW | 5.4 MEDIUM |
zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT. | |||||
CVE-2018-18692 | 1 Semcosoft | 1 Semcosoft | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected Cross-Site scripting (XSS) vulnerability in SEMCO Semcosoft 5.3 allows remote attackers to inject arbitrary web scripts or HTML via the username parameter to the Login Form. | |||||
CVE-2019-9108 | 1 Wuzhicms | 1 Wuzhicms | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php. | |||||
CVE-2019-9109 | 1 Wuzhicms | 1 Wuzhi Cms | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php. | |||||
CVE-2019-9110 | 1 Wuzhicms | 1 Wuzhi Cms | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php. | |||||
CVE-2019-9107 | 1 Wuzhicms | 1 Wuzhi Cms | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php. | |||||
CVE-2019-9066 | 1 Php Appointment Booking Script Project | 1 Php Appointment Booking Script | 2019-02-25 | 3.5 LOW | 5.4 MEDIUM |
PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile. | |||||
CVE-2018-20791 | 1 Tecrail | 1 Responsive Filemanager | 2019-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action. | |||||
CVE-2019-9016 | 1 Mopcms | 1 Mopcms | 2019-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[name] parameter in a mod=column request, as demonstrated by the /mopcms/X0AZgf(index).php?mod=column&ac=list&menuid=28&ac=add&menuid=29 URI. | |||||
CVE-2019-5727 | 1 Splunk | 1 Splunk | 2019-02-22 | 3.5 LOW | 5.4 MEDIUM |
Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827. | |||||
CVE-2019-8983 | 1 Altn | 1 Mdaemon | 2019-02-21 | 4.3 MEDIUM | 6.1 MEDIUM |
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2). | |||||
CVE-2019-8984 | 1 Altn | 1 Mdaemon | 2019-02-21 | 4.3 MEDIUM | 6.1 MEDIUM |
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2). |