Total: 36786 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2018-16631 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter. |
CVE-2018-16630 | 1 Getkirby | 1 Kirby | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file. |
CVE-2018-16629 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. |
CVE-2018-16628 | 1 Getkirby | 1 Kirby | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | panel/login in Kirby v2.5.12 allows XSS via a blog name. |
CVE-2018-16626 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name. |
CVE-2018-16625 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. |
CVE-2018-16624 | 1 Getkirby | 1 Kirby | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page. |
CVE-2018-16623 | 1 Getkirby | 1 Kirby | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown. |
CVE-2018-16622 | 1 Html-js | 1 Doracms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent. |
CVE-2018-16619 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Sonatype Nexus Repository Manager before 3.14 allows XSS. |
CVE-2018-16607 | 1 Opmantek | 1 Open-audit | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field. |
CVE-2018-16605 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page. |
CVE-2018-16555 | 1 Siemens | 8 Scalance S602, Scalance S602 Firmware, Scalance S612 and 5 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. |
CVE-2018-16551 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit. |
CVE-2018-16519 | 1 Coyoapp | 1 Coyo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | COYO 9.0.8, 10.0.11 and 12.0.4 has cross-site scripting (XSS) via URLs used by "iFrame" widgets. |
CVE-2018-16516 | 1 Flask-admin Project | 1 Flask-admin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL. |
CVE-2018-16514 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 2.6 LOW | 4.7 MEDIUM | A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-13055. |
CVE-2018-16484 | 1 M-server Project | 1 M-server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names. |
CVE-2018-16481 | 1 Html-pages Project | 1 Html-pages | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering. |
CVE-2018-16480 | 1 Public Project | 1 Public | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering. |