Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-10391 | 1 Wuzhicms | 1 Wuzhi Cms | 2018-05-24 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI. | |||||
CVE-2018-10311 | 1 Wuzhicms | 1 Wuzhi Cms | 2018-05-24 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI. | |||||
CVE-2018-10367 | 1 Wuzhicms | 1 Wuzhi Cms | 2018-05-24 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section. | |||||
CVE-2018-10213 | 1 Vaultize | 1 Enterprise File Sharing | 2018-05-24 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is XSS in invitation mail received from a different user, who can modify the HTML in that mail before sending it. | |||||
CVE-2018-10209 | 1 Vaultize | 1 Enterprise File Sharing | 2018-05-24 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS on the file or folder download pop-up via a crafted file or folder name. | |||||
CVE-2018-10208 | 1 Vaultize | 1 Enterprise File Sharing | 2018-05-24 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is anonymous reflected XSS on the error page via a /share/error?message= URI. | |||||
CVE-2018-10206 | 1 Vaultize | 1 Enterprise File Sharing | 2018-05-24 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS via the optional message field of a file request. | |||||
CVE-2017-15640 | 1 Phpipam | 1 Phpipam | 2018-05-24 | 3.5 LOW | 5.4 MEDIUM |
app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter. | |||||
CVE-2018-9101 | 1 Mitel | 2 Mivoice Connect, St 14.2 | 2018-05-24 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the launch_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
CVE-2018-9103 | 1 Mitel | 2 Mivoice Connect, St 14.2 | 2018-05-24 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
CVE-2018-10234 | 1 Ultimatemember | 1 User Profile & Membership | 2018-05-24 | 3.5 LOW | 4.8 MEDIUM |
Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options&section=account page. | |||||
CVE-2017-17889 | 1 Kliqqi | 1 Kliqqi Cms | 2018-05-24 | 3.5 LOW | 5.4 MEDIUM |
Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags or Description within pligg/submit.php. | |||||
CVE-2018-9104 | 1 Mitel | 2 Mivoice Connect, St 14.2 | 2018-05-24 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the api.php page. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
CVE-2018-10313 | 1 Wuzhicms | 1 Wuzhi Cms | 2018-05-23 | 3.5 LOW | 5.4 MEDIUM |
WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI. | |||||
CVE-2018-10374 | 1 Easycms | 1 Easycms | 2018-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request. | |||||
CVE-2018-8831 | 1 Kodi | 1 Kodi | 2018-05-22 | 4.3 MEDIUM | 6.1 MEDIUM |
A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist. | |||||
CVE-2015-1952 | 1 Ibm | 1 Security Appscan | 2018-05-22 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in IBM AppScan Enterprise Edition 9.0.x before 9.0.2 iFix 001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 103416. | |||||
CVE-2018-1445 | 1 Ibm | 1 Websphere Portal | 2018-05-22 | 3.5 LOW | 5.4 MEDIUM |
IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139907. | |||||
CVE-2018-10230 | 1 Zend | 1 Zend Server | 2018-05-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455. | |||||
CVE-2018-10221 | 1 Wuzhicms | 1 Wuzhicms | 2018-05-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the administrator) logs in, he can add a new TAGS with the XSS payload. |