Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-19227 | 1 Laobancms | 1 Laobancms | 2018-12-11 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter. | |||||
CVE-2018-19223 | 1 Laobancms | 1 Laobancms | 2018-12-11 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI. | |||||
CVE-2018-19229 | 1 Laobancms | 1 Laobancms | 2018-12-11 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter. | |||||
CVE-2018-18927 | 1 Publiccms | 1 Publiccms | 2018-12-11 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. | |||||
CVE-2018-19145 | 1 S-cms | 1 S-cms | 2018-12-11 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter. | |||||
CVE-2018-19083 | 1 Wecenter | 1 Wecenter | 2018-12-11 | 4.3 MEDIUM | 6.1 MEDIUM |
WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialchars_decode function via the /?/publish/ajax/publish_question/ question_content parameter. | |||||
CVE-2018-19091 | 1 Tianti Project | 1 Tianti | 2018-12-11 | 3.5 LOW | 5.4 MEDIUM |
tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter. | |||||
CVE-2018-19089 | 1 Tianti Project | 1 Tianti | 2018-12-11 | 3.5 LOW | 5.4 MEDIUM |
tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp. | |||||
CVE-2018-19090 | 1 Tianti Project | 1 Tianti | 2018-12-11 | 3.5 LOW | 5.4 MEDIUM |
tianti 2.3 has stored XSS in the article management module via an article title. | |||||
CVE-2018-18909 | 1 Xheditor | 1 Xheditor | 2018-12-11 | 4.3 MEDIUM | 6.1 MEDIUM |
xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view. | |||||
CVE-2018-18825 | 1 Pagoda Linux Project | 1 Pagoda Linux | 2018-12-11 | 4.3 MEDIUM | 6.1 MEDIUM |
Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login. A crafted code is mishandled during rendering of the login log. | |||||
CVE-2018-18919 | 1 Iiong | 1 Wp Editor.md | 2018-12-11 | 3.5 LOW | 4.8 MEDIUM |
The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area. | |||||
CVE-2018-7427 | 1 Splunk | 1 Splunk | 2018-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-18717 | 1 Eleanor-cms | 1 Eleanor Cms | 2018-12-10 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in Eleanor CMS through 2015-03-19. XSS exists via the ajax.php?direct=admin&file=autocomplete&query=[XSS] URI. | |||||
CVE-2018-18868 | 1 No-cms Project | 1 No-cms | 2018-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter. | |||||
CVE-2018-18943 | 1 Basercms | 1 Basercms | 2018-12-10 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI. | |||||
CVE-2011-5260 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
CVE-2011-4707 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. | |||||
CVE-2016-1911 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918. | |||||
CVE-2015-6663 | 1 Sap | 1 Afaria | 2018-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, aka SAP Security Note 2152669. | |||||