Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16776 | 1 Creatiwity | 1 Witycms | 2018-11-02 | 3.5 LOW | 4.8 MEDIUM |
| wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" "Configuration" page. | |||||
| CVE-2018-16653 | 1 Rejucms Project | 1 Rejucms | 2018-11-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter. | |||||
| CVE-2018-14059 | 1 Pimcore | 1 Pimcore | 2018-11-01 | 3.5 LOW | 5.4 MEDIUM |
| Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions. | |||||
| CVE-2018-17090 | 1 I4a | 1 Donlinkage | 2018-11-01 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazy_adresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing <textarea> followed by <script></script> tags. | |||||
| CVE-2008-4065 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-01 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug." | |||||
| CVE-2018-17130 | 1 Phpmywind | 1 Phpmywind | 2018-11-01 | 3.5 LOW | 5.4 MEDIUM |
| PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header, | |||||
| CVE-2018-16978 | 1 Monstra | 1 Monstra | 2018-10-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Monstra CMS V3.0.4 has XSS when ones tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473. | |||||
| CVE-2008-2462 | 1 Caucho | 1 Resin | 2018-10-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the viewfile documentation command in Caucho Resin before 3.0.25, and 3.1.x before 3.1.4, allows remote attackers to inject arbitrary web script or HTML via the file parameter. | |||||
| CVE-2018-14396 | 1 Cremecrm | 1 Cremecrm | 2018-10-31 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. | |||||
| CVE-2018-14397 | 1 Cremecrm | 1 Cremecrm | 2018-10-31 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Creme CRM 1.6.12. The organization creation page is affected by 9 stored cross-site scripting vulnerabilities involving the name, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. | |||||
| CVE-2018-15896 | 1 Website Seller Script Project | 1 Website Seller Script | 2018-10-31 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name. | |||||
| CVE-2018-16405 | 1 Mayan-edms | 1 Mayan Edms | 2018-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS. | |||||
| CVE-2018-16406 | 1 Mayan-edms | 1 Mayan Edms | 2018-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label. | |||||
| CVE-2018-16407 | 1 Mayan-edms | 1 Mayan Edms | 2018-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has XSS because tag label values are mishandled. | |||||
| CVE-2018-17025 | 1 Monstra | 1 Monstra | 2018-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page action for a page with no special role. | |||||
| CVE-2018-17026 | 1 Monstra | 1 Monstra | 2018-10-30 | 3.5 LOW | 4.8 MEDIUM |
| admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page&name=error404 action, a different vulnerability than CVE-2018-10121. | |||||
| CVE-2018-16233 | 1 1234n | 1 Minicms | 2018-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter. | |||||
| CVE-2018-10227 | 1 1234n | 1 Minicms | 2018-10-30 | 3.5 LOW | 5.4 MEDIUM |
| MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter. | |||||
| CVE-2018-10296 | 1 1234n | 1 Minicms | 2018-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter. | |||||
| CVE-2018-15899 | 1 1234n | 1 Minicms | 2018-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability. | |||||