Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 21765 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-10029 1 Cmsmadesimple 1 Cms Made Simple 2018-04-13 3.5 LOW 4.8 MEDIUM
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799.
CVE-2018-10032 1 Cmsmadesimple 1 Cms Made Simple 2018-04-13 3.5 LOW 4.8 MEDIUM
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter.
CVE-2018-8737 1 Bylancer 1 Bookme 2018-04-13 3.5 LOW 5.4 MEDIUM
Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers "Book Me" function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's browser.
CVE-2018-8948 1 Misp-project 1 Misp 2018-04-13 4.3 MEDIUM 6.1 MEDIUM
In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module.
CVE-2018-0535 1 Php 2chbbs Project 1 Php 2chbbs 2018-04-13 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-8805 1 Yxcms 1 Yxcms 2018-04-13 4.3 MEDIUM 6.1 MEDIUM
Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extend_guestbook.php or protected\apps\default\view\mobile\extend_guestbook.php in an index.php?r=default/column/index&col=guestbook request.
CVE-2018-8815 1 Alkacon 1 Opencms 2018-04-13 3.5 LOW 4.6 MEDIUM
Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image.
CVE-2014-1665 1 Owncloud 1 Owncloud 2018-04-13 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
CVE-2018-8767 1 Joyplus-cms Project 1 Joyplus-cms 2018-04-13 3.5 LOW 4.8 MEDIUM
joyplus-cms 1.6.0 has XSS in manager/admin_ajax.php?action=save&tab={pre}vod_type via the t_name parameter.
CVE-2018-1000139 1 I-librarian 1 I Librarian 2018-04-13 4.3 MEDIUM 6.1 MEDIUM
I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in "id" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user.
CVE-2017-17954 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2018-04-13 4.3 MEDIUM 6.1 MEDIUM
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter.
CVE-2017-17956 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2018-04-13 4.3 MEDIUM 6.1 MEDIUM
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter.
CVE-2017-17955 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2018-04-13 4.3 MEDIUM 6.1 MEDIUM
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter.
CVE-2017-17958 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2018-04-13 4.3 MEDIUM 6.1 MEDIUM
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter.
CVE-2017-17953 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2018-04-13 4.3 MEDIUM 6.1 MEDIUM
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter.
CVE-2017-17949 1 Cells 1 Blog 2018-04-13 4.3 MEDIUM 6.1 MEDIUM
Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter.
CVE-2017-17948 1 Cells 1 Blog 2018-04-13 4.3 MEDIUM 6.1 MEDIUM
Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request.
CVE-2018-0536 1 Qqq Systems Project 1 Qqq Systems 2018-04-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz.cgi.
CVE-2018-0537 1 Qqq Systems Project 1 Qqq Systems 2018-04-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz_op.cgi.
CVE-2015-7458 1 Ibm 1 Connections 2018-04-12 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108354.