Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8906 | 1 Dsmall Project | 1 Dsmall | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/address_id/2.html. | |||||
| CVE-2018-8899 | 1 Identityserver | 1 Identityserver4 | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations. | |||||
| CVE-2017-18094 | 1 Atlassian | 2 Crucible, Fisheye | 2018-04-17 | 3.5 LOW | 4.8 MEDIUM |
| Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allow remote attackers with administrative privileges to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the base path setting of a configured file system repository. | |||||
| CVE-2018-9017 | 1 Dsmall Project | 1 Dsmall | 2018-04-17 | 3.5 LOW | 5.4 MEDIUM |
| dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI. | |||||
| CVE-2018-9016 | 1 Dsmall Project | 1 Dsmall | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI. | |||||
| CVE-2018-9307 | 1 Dsmall Project | 1 Dsmall | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html. | |||||
| CVE-2018-9015 | 1 Dsmall Project | 1 Dsmall | 2018-04-17 | 3.5 LOW | 5.4 MEDIUM |
| dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdr_sn parameter (aka the CMS search box). | |||||
| CVE-2018-9123 | 1 Crea8social | 1 Crea8social | 2018-04-17 | 3.5 LOW | 5.4 MEDIUM |
| In Crea8social 2018.2, there is Stored Cross-Site Scripting via a User Profile. | |||||
| CVE-2018-9122 | 1 Crea8social | 1 Crea8social | 2018-04-17 | 3.5 LOW | 5.4 MEDIUM |
| In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the term parameter to the /search URI. | |||||
| CVE-2018-9121 | 1 Crea8social | 1 Crea8social | 2018-04-17 | 3.5 LOW | 5.4 MEDIUM |
| In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment. | |||||
| CVE-2018-9120 | 1 Crea8social | 1 Crea8social | 2018-04-17 | 3.5 LOW | 5.4 MEDIUM |
| In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post. | |||||
| CVE-2018-7193 | 1 Osticket | 1 Osticket | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter. | |||||
| CVE-2018-7196 | 1 Osticket | 1 Osticket | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. | |||||
| CVE-2018-7192 | 1 Osticket | 1 Osticket | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. | |||||
| CVE-2018-9925 | 1 Icmsdev | 1 Icms | 2018-04-17 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request. | |||||
| CVE-2018-8832 | 1 Enhavo | 1 Enhavo | 2018-04-17 | 3.5 LOW | 4.8 MEDIUM |
| enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page. | |||||
| CVE-2018-5233 | 1 Getgrav | 1 Grav Cms | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools. | |||||
| CVE-2018-0534 | 1 Arsenol Project | 1 Arsenol | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-0538 | 1 Qqq Systems Project | 1 Qqq Systems | 2018-04-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2018-10033 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-04-13 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter. | |||||