Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6215 | 1 Paypal | 1 Php Permissions Sdk | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution. | |||||
| CVE-2018-14873 | 1 Rincewind Project | 1 Rincewind | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involving a p=account request to index.php and another file named commonPages.php. | |||||
| CVE-2018-14904 | 1 Samsung | 1 Syncthru Web Service | 2018-09-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid. | |||||
| CVE-2018-14877 | 1 Weaselcms Project | 1 Weaselcms | 2018-09-27 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page. | |||||
| CVE-2018-14936 | 1 Mylittleforum | 1 My Little Forum | 2018-09-27 | 3.5 LOW | 4.8 MEDIUM |
| The Add page option in my little forum 2.4.12 allows XSS via the Title field. | |||||
| CVE-2018-14937 | 1 Mylittleforum | 1 My Little Forum | 2018-09-27 | 3.5 LOW | 4.8 MEDIUM |
| The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field. | |||||
| CVE-2018-14905 | 1 3cx | 1 3cx Web Server | 2018-09-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. | |||||
| CVE-2018-14906 | 1 3cx | 1 3cx Web Server | 2018-09-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters. | |||||
| CVE-2018-16772 | 1 Hoosk | 1 Hoosk | 2018-09-24 | 3.5 LOW | 4.8 MEDIUM |
| Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new. | |||||
| CVE-2018-16773 | 1 Easycms | 1 Easycms | 2018-09-24 | 3.5 LOW | 4.8 MEDIUM |
| EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field. | |||||
| CVE-2018-14493 | 1 Opmantek | 1 Open-audit | 2018-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. | |||||
| CVE-2018-0655 | 1 Weseek | 1 Growi | 2018-09-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page. | |||||
| CVE-2018-0654 | 1 Weseek | 1 Growi | 2018-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating Wiki page. | |||||
| CVE-2018-0653 | 1 Weseek | 1 Growi | 2018-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view. | |||||
| CVE-2018-0652 | 1 Weseek | 1 Growi | 2018-09-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page. | |||||
| CVE-2018-14430 | 1 Mondula | 1 Multi Step Form | 2018-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable with an fw_send_email action to wp-admin/admin-ajax.php. | |||||
| CVE-2018-1999016 | 1 Pydio | 1 Pydio | 2018-09-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pydio version 8.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in ./core/vendor/meenie/javascript-packer/example-inline.php line 48; ./core/vendor/dapphp/securimage/examples/test.mysql.static.php lines: 114,118 that can result in an unauthenticated remote attacker manipulating the web client via XSS code injection. This attack appear to be exploitable via the victim openning a specially crafted URL. This vulnerability appears to have been fixed in version 8.2.1. | |||||
| CVE-2018-1999024 | 1 Mathjax | 1 Mathjax | 2018-09-19 | 4.3 MEDIUM | 5.4 MEDIUM |
| MathJax version prior to version 2.7.4 contains a Cross Site Scripting (XSS) vulnerability in the \unicode{} macro that can result in Potentially untrusted Javascript running within a web browser. This attack appear to be exploitable via The victim must view a page where untrusted content is processed using Mathjax. This vulnerability appears to have been fixed in 2.7.4 and later. | |||||
| CVE-2018-1999021 | 1 Gleeztech | 1 Gleezcms | 2018-09-19 | 3.5 LOW | 5.4 MEDIUM |
| Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) vulnerability in Profile page that can result in Inject arbitrary web script or HTML via the profile page editor. This attack appear to be exploitable via The victim must navigate to the attacker's profile page. | |||||
| CVE-2018-14527 | 1 Xiao5ucompany Project | 1 Xiao5ucompany | 2018-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements). | |||||