Vulnerabilities (CVE)

Filtered by CWE-79
Total 21765 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-8522 1 Hp 1 Diagnostics 2018-03-05 3.5 LOW 5.4 MEDIUM
A cross-site scripting vulnerability in HPE Diagnostics version 9.24 IP1, 9.26, 9.26IP1 was found.
CVE-2018-1000062 1 Wondercms 1 Wondercms 2018-03-05 3.5 LOW 4.4 MEDIUM
WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in an attacker executing arbitrary script in an unsuspecting user's browser. This attack appears to be exploitable via a crafted SVG file.
CVE-2016-8517 1 Hp 1 Systems Insight Manager 2018-03-05 4.3 MEDIUM 6.1 MEDIUM
A cross site scripting vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.
CVE-2018-7197 1 Pluck-cms 1 Pluck 2018-03-05 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL.
CVE-2018-7280 1 Ninjaforms 1 Ninja Forms 2018-03-05 4.3 MEDIUM 6.1 MEDIUM
The Ninja Forms plugin before 3.2.14 for WordPress has XSS.
CVE-2017-16356 1 Kubik-rubik 1 Simple Image Gallery Extended 2018-03-05 4.3 MEDIUM 6.1 MEDIUM
Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption parameter.
CVE-2018-6193 1 Routers2 Project 1 Routers2 2018-03-02 2.6 LOW 4.7 MEDIUM
A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl.
CVE-2017-12544 3 Hp, Linux, Microsoft 3 System Management Homepage, Linux Kernel, Windows 2018-03-02 3.5 LOW 5.4 MEDIUM
A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux versions prior to v7.6.1 was found.
CVE-2018-6866 1 Learning And Examination Management System Script Project 1 Learning And Examination Management System Script 2018-03-01 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message.
CVE-2018-6867 1 Alibaba Clone Script Project 1 Alibaba Clone Script 2018-03-01 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter.
CVE-2018-6868 1 Groupon Clone Script Project 1 Groupon Clone Script 2018-03-01 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter.
CVE-2016-8532 1 Hp 1 Matrix Operating Environment 2018-03-01 3.5 LOW 5.4 MEDIUM
A cross site scripting vulnerability in HPE Matrix Operating Environment version 7.6 was found.
CVE-2018-1000020 1 Open-emr 1 Openemr 2018-03-01 4.3 MEDIUM 6.1 MEDIUM
OpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) vulnerability in open-flash-chart.swf and _posteddata.php that can result in . This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher.
CVE-2018-6795 1 Naukri Clone Script Project 1 Naukri Clone Script 2018-03-01 3.5 LOW 5.4 MEDIUM
PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field.
CVE-2018-6878 1 Hot Scripts Clone Project 1 Hot Scripts Clone 2018-03-01 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field.
CVE-2018-6468 1 Flickrrss Project 1 Flickrrss 2018-02-28 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_id parameter to wp-admin/options-general.php.
CVE-2018-6466 1 Flickrrss Project 1 Flickrrss 2018-02-28 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_set parameter to wp-admin/options-general.php.
CVE-2018-6469 1 Flickrrss Project 1 Flickrrss 2018-02-28 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter to wp-admin/options-general.php.
CVE-2018-6824 1 Cozy 1 Cozy 2018-02-27 4.3 MEDIUM 6.1 MEDIUM
Cozy version 2 has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an 'email:"attacker@example.com"' request, which can be followed by a password reset.
CVE-2018-5306 1 Sonatype 1 Nexus Repository Manager 2018-02-27 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.