Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-6671 | 1 Dragonbyte-tech | 1 Forumon Rpg Module | 2018-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologies Forumon RPG module before 1.0.8 for vBulletin when creating a new monster, allow remote attackers to inject arbitrary web script or HTML via the (1) monster[title] or (2) monster[description] parameters. | |||||
CVE-2012-6670 | 1 Dragonbyte-tech | 1 Vbactivity Module | 2018-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestmedal.php. | |||||
CVE-2012-6668 | 1 Dragonbyte-tech | 1 Vbshout Module | 2018-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module before 6.0.6 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/doreport.php or (2) modnotes parameter in actions/updatereport.php. | |||||
CVE-2017-9509 | 1 Atlassian | 2 Crucible, Fisheye | 2018-01-30 | 3.5 LOW | 5.4 MEDIUM |
The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file. | |||||
CVE-2017-9507 | 1 Atlassian | 2 Crucible, Fisheye | 2018-01-30 | 3.5 LOW | 5.4 MEDIUM |
The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter. | |||||
CVE-2017-1000428 | 1 Flatcore | 1 Flatcore-cms | 2018-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string. | |||||
CVE-2018-5331 | 1 Discuz | 1 Discuzx | 2018-01-29 | 3.5 LOW | 5.4 MEDIUM |
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. | |||||
CVE-2018-1361 | 1 Ibm | 1 Websphere Portal | 2018-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158. | |||||
CVE-2018-0799 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2018-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access Tampering Vulnerability". | |||||
CVE-2016-0336 | 1 Ibm | 1 Security Identity Manager | 2018-01-29 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737. | |||||
CVE-2012-6667 | 1 Dragonbyte-tech | 1 Vbshout | 2018-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte Technologies vBShout module for vBulletin allows remote attackers to inject arbitrary web script or HTML via the shout parameter in a shout action. | |||||
CVE-2018-5369 | 1 Srbtranslatin Project | 1 Srbtranslatin | 2018-01-29 | 3.5 LOW | 4.8 MEDIUM |
The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/options-general.php with a lang_identificator parameter. | |||||
CVE-2018-5284 | 1 Wpscoop | 1 Imageinject | 2018-01-29 | 3.5 LOW | 4.8 MEDIUM |
The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php. | |||||
CVE-2018-5263 | 1 Stackideas | 1 Easydiscuss | 2018-01-29 | 3.5 LOW | 5.4 MEDIUM |
The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS. | |||||
CVE-2017-1000429 | 1 Finecms Project | 1 Finecms | 2018-01-26 | 4.3 MEDIUM | 6.1 MEDIUM |
rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php. | |||||
CVE-2018-5312 | 1 Wpshopmart | 1 Tabs Responsive | 2018-01-26 | 3.5 LOW | 5.4 MEDIUM |
The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php. | |||||
CVE-2018-5311 | 1 Tonjoostudio | 1 Easy Custom Auto Excerpt | 2018-01-26 | 3.5 LOW | 5.4 MEDIUM |
The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options[custom_css] parameter to the wp-admin/admin.php?page=tonjoo_excerpt URI. | |||||
CVE-2018-5375 | 1 Discuz | 1 Discuzx | 2018-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action. | |||||
CVE-2017-1623 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2018-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133121. | |||||
CVE-2015-9248 | 1 Skyboxsecurity | 1 Skybox Platform | 2018-01-24 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Skybox Platform before 7.5.201. Stored cross-site scripting vulnerabilities exist in the title, Comments, or Description field to /skyboxview/webskybox/tickets in Change Manager. |