Total
36794 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19286 | 1 Mubu | 1 Curtain | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The server in mubu note 2018-11-11 has XSS by configuring an account with a crafted name value (along with an arbitrary username value), and then creating and sharing a note. | |||||
| CVE-2018-19280 | 1 Centreon | 1 Centreon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro. | |||||
| CVE-2018-19229 | 1 Laobancms | 1 Laobancms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter. | |||||
| CVE-2018-19227 | 1 Laobancms | 1 Laobancms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter. | |||||
| CVE-2018-19223 | 1 Laobancms | 1 Laobancms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI. | |||||
| CVE-2018-19222 | 1 Laobancms | 1 Laobancms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists. | |||||
| CVE-2018-19206 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment. | |||||
| CVE-2018-19202 | 1 Mybb | 1 Mybb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter. | |||||
| CVE-2018-19201 | 1 Mybb | 1 Mybb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter. | |||||
| CVE-2018-19195 | 1 Xiaocms | 1 Xiaocms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in XiaoCms 20141229. There is XSS related to the template\default\show_product.html file. | |||||
| CVE-2018-19193 | 1 Xiaocms | 1 Xiaocms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in XiaoCms 20141229. There is XSS via the largest input box on the "New news" screen. | |||||
| CVE-2018-19191 | 1 Webmin | 1 Webmin | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter. | |||||
| CVE-2018-19190 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php error_msg parameter. | |||||
| CVE-2018-19189 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in an error.php echo statement. | |||||
| CVE-2018-19188 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the success.php fort_id parameter. | |||||
| CVE-2018-19187 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via an arbitrary parameter name or value that is mishandled in a success.php echo statement. | |||||
| CVE-2018-19186 | 1 Amazon | 1 Payfort-php-sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the route.php paymentMethod parameter. | |||||
| CVE-2018-19178 | 1 Jeesns | 1 Jeesns | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886. | |||||
| CVE-2018-19170 | 1 Jpress | 1 Jpress | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the web_name parameter. | |||||
| CVE-2018-19146 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element. | |||||