Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-79
Total 21765 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-15184 1 Naukri Clone Script Project 1 Naukri Clone Script 2018-10-09 3.5 LOW 5.4 MEDIUM
PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has Stored XSS via the USERNAME field, a related issue to CVE-2018-6795.
CVE-2016-8527 1 Hp 1 Airwave 2018-10-09 4.3 MEDIUM 6.1 MEDIUM
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser.
CVE-2018-15190 1 Hotel Booking Script Project 1 Hotel Booking Script 2018-10-06 3.5 LOW 5.4 MEDIUM
PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address field.
CVE-2018-15189 1 Advanced Real Estate Script Project 1 Advanced Real Estate Script 2018-10-05 3.5 LOW 5.4 MEDIUM
PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile.
CVE-2018-14503 1 Coremail 1 Coremail Xt 2018-10-05 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.
CVE-2018-14837 1 Wolfcms 1 Wolf Cms 2018-10-05 3.5 LOW 4.8 MEDIUM
Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI.
CVE-2016-4392 1 Hp 1 Business Service Management 2018-10-05 3.5 LOW 5.4 MEDIUM
A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1.
CVE-2018-15182 1 Car Rental Script Project 1 Car Rental Script 2018-10-05 3.5 LOW 5.4 MEDIUM
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields.
CVE-2018-15130 1 Thinksaas 1 Thinksaas 2018-10-05 3.5 LOW 5.4 MEDIUM
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter.
CVE-2017-8991 1 Hp 1 Centralview Fraud Risk Management 2018-10-05 3.5 LOW 5.4 MEDIUM
HPE has identified a cross site scripting (XSS) vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.
CVE-2018-7075 1 Hp 1 Intelligent Management Center 2018-10-05 4.3 MEDIUM 6.1 MEDIUM
A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). The vulnerability is fixed in Intelligent Management Center PLAT 7.3 E0605P04 or subsequent version.
CVE-2018-15129 1 Thinksaas 1 Thinksaas 2018-10-05 3.5 LOW 5.4 MEDIUM
ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter.
CVE-2018-15169 1 Zohocorp 1 Manageengine Applications Manager 2018-10-05 4.3 MEDIUM 6.1 MEDIUM
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter.
CVE-2016-4400 1 Hp 1 Network Node Manager I 2018-10-04 3.5 LOW 5.4 MEDIUM
A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS).
CVE-2016-4399 1 Hp 1 Network Node Manager I 2018-10-04 3.5 LOW 5.4 MEDIUM
A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS).
CVE-2018-12943 1 Seeddms 1 Seeddms 2018-10-04 4.3 MEDIUM 6.1 MEDIUM
Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2006-3756 1 Geeklog 1 Geeklog 2018-10-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) comment.php (0.3.11sr6).
CVE-2018-13055 1 Mantisbt 1 Mantisbt 2018-10-04 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO.
CVE-2016-4406 1 Hp 3 Integrated Lights-out, Integrated Lights-out 3 Firmware, Integrated Lights-out 4 Firmware 2018-10-04 4.3 MEDIUM 6.1 MEDIUM
A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 and HPE iLO 4 all versions prior to v2.44.
CVE-2018-14964 1 Emlsoft Project 1 Emlsoft 2018-10-04 3.5 LOW 5.4 MEDIUM
An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page.