Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-14962 | 1 Zzcms | 1 Zzcms | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php. | |||||
CVE-2017-12614 | 1 Apache | 1 Airflow | 2018-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS was noticed in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above. | |||||
CVE-2018-14869 | 1 Php Template Store Script Project | 1 Php Template Store Script | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile. | |||||
CVE-2018-15199 | 1 Auracms | 1 Auracms | 2018-10-04 | 3.5 LOW | 5.4 MEDIUM |
AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action. | |||||
CVE-2009-1310 | 1 Mozilla | 1 Firefox | 2018-10-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element. | |||||
CVE-2009-0312 | 1 Moinmoin | 1 Moinmoin | 2018-10-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content. | |||||
CVE-2008-3422 | 2 Mono, Mono Project | 2 Mono, Mono | 2018-10-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren). | |||||
CVE-2008-0780 | 1 Moinmoin | 1 Moinmoin | 2018-10-03 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action. | |||||
CVE-2008-0781 | 1 Moinmoin | 1 Moinmoin | 2018-10-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames. | |||||
CVE-2008-1098 | 1 Moinmoin | 1 Moinmoin | 2018-10-03 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780. | |||||
CVE-2018-1155 | 1 Tenable | 1 Securitycenter | 2018-10-03 | 3.5 LOW | 5.4 MEDIUM |
In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue. | |||||
CVE-2018-12607 | 1 Gitlab | 1 Gitlab | 2018-10-03 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding. | |||||
CVE-2018-12606 | 1 Gitlab | 1 Gitlab | 2018-10-03 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature. | |||||
CVE-2018-12605 | 1 Gitlab | 1 Gitlab | 2018-10-03 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained an XSS issue due to it allowing arbitrary protocols as a parameter. | |||||
CVE-2018-14977 | 1 Q-cms | 1 Qcms | 2018-10-03 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070. | |||||
CVE-2018-14975 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS. | |||||
CVE-2018-14976 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS. | |||||
CVE-2018-14974 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS. | |||||
CVE-2018-14972 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS. | |||||
CVE-2018-14973 | 1 Q-cms | 1 Qcms | 2018-10-03 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS. |