Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-1000556 | 1 Veronalabs | 1 Wp Statistics | 2018-08-20 | 4.3 MEDIUM | 6.1 MEDIUM |
WordPress version 4.8+ contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core WordPress, in the delete function, that can result in an attacker performing client-side attacks ranging from stealing a cookie to code injection. This attack appears to be exploitable when an attacker crafts a URL with a payload and sends it to the user. The victim needs to open the link to be affected by the reflected XSS. | |||||
CVE-2018-1000543 | 1 Rockiger | 1 Akiee | 2018-08-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Akiee version 0.0.3 contains an XSS vulnerability, leading to code execution due to the use of node integration: the "Details" of a task is not validated, which can result in XSS leading to arbitrary code execution. This attack appears to be exploitable when the attacker tricks the victim into opening a crafted markdown. | |||||
CVE-2018-13002 | 1 Weblication | 1 Cms Core & Grid | 2018-08-20 | 3.5 LOW | 4.8 MEDIUM |
An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the `wFilemanager.php` and `index.php` files of the `/grid5/scripts/` modules. The injection point is located in the Project `Title` and the execution point occurs in the `Inhaltsprojekte` output listing section. Remote attackers with privileged user accounts are able to inject their own malicious script code with a persistent attack vector to compromise user session credentials or to manipulate the affected web-application module output context. The request method to inject is POST. | |||||
CVE-2018-13001 | 1 Sandoba | 1 Cp\ | 2018-08-20 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the `admin.php` file of the `./cpshop/` module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability is non-persistent and the request method to inject/execute is GET with the path, search, rename, or dir parameter. | |||||
CVE-2018-13000 | 1 Anelectron | 1 Advanced Electron Forum | 2018-08-20 | 3.5 LOW | 4.8 MEDIUM |
An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to inject malicious script code payloads as a private message (aka pmbody). The injection point is the editor ftp link element and the execution point occurs in the message body context on arrival. The request method to inject is POST with restricted user privileges. | |||||
CVE-2018-12996 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-08-20 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do. | |||||
CVE-2018-12919 | 1 Craftedweb Project | 1 Craftedweb | 2018-08-20 | 4.3 MEDIUM | 6.1 MEDIUM |
In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows XSS via the e parameter. | |||||
CVE-2018-0603 | 1 Geminilabs | 1 Site Reviews | 2018-08-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-12696 | 1 Mao10 | 1 Mao10cms | 2018-08-14 | 4.3 MEDIUM | 6.1 MEDIUM |
mao10cms 6 allows XSS via the article page. | |||||
CVE-2018-12695 | 1 Mao10 | 1 Mao10cms | 2018-08-14 | 4.3 MEDIUM | 6.1 MEDIUM |
mao10cms 6 allows XSS via the m=bbs&a=index page. | |||||
CVE-2013-6042 | 1 Softaculous | 1 Webuzo | 2018-08-13 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in filemanager/login.php in the File Manager module in Softaculous Webuzo before 2.1.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
CVE-2014-0046 | 1 Emberjs | 1 Ember.js | 2018-08-13 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute. | |||||
CVE-2014-0013 | 1 Emberjs | 1 Ember.js | 2018-08-13 | 3.5 LOW | 5.4 MEDIUM |
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable. | |||||
CVE-2015-7565 | 1 Emberjs | 1 Ember.js | 2018-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2017-10991 | 1 Wp-statistics | 1 Wp Statistics | 2018-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page. | |||||
CVE-2009-3618 | 1 Viewvc | 1 Viewvc | 2018-08-13 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-1355 | 1 Vsecurity | 1 Tandberg Video Communication Server | 2018-08-13 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability on the TANDBERG Video Communication Server (VCS) before X5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Reference ID 66316. | |||||
CVE-2010-1649 | 1 Joomla | 1 Joomla! | 2018-08-13 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php. | |||||
CVE-2010-3712 | 1 Joomla | 1 Joomla! | 2018-08-13 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component. | |||||
CVE-2011-1481 | 1 Phpnuke | 1 Php-nuke | 2018-08-13 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi PHP-Nuke 8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sender_name or (2) sender_email parameter in a Feedback action to modules.php. |