Total
36731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10300 | 1 Web-dorado | 1 Wd Instagram Feed | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in an Instagram profile's bio. | |||||
| CVE-2018-10298 | 1 Discuz | 1 Discuzx | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content. | |||||
| CVE-2018-10297 | 1 Discuz | 1 Discuzx | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images. | |||||
| CVE-2018-10296 | 1 1234n | 1 Minicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter. | |||||
| CVE-2018-10294 | 1 Flexense | 1 Diskboss | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS. | |||||
| CVE-2018-10268 | 1 Fastadmin | 1 Fastadmin | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\api\controller\User.php avatar parameter. | |||||
| CVE-2018-10259 | 1 Hrsale Project | 1 Hrsale | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user. | |||||
| CVE-2018-10250 | 1 Icmsdev | 1 Icms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search. | |||||
| CVE-2018-10234 | 1 Ultimatemember | 1 User Profile \& Membership | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated Cross site Scripting exists in the User Profile & Membership plugin before 2.0.11 for WordPress via the "Account Deletion Custom Text" input field on the wp-admin/admin.php?page=um_options§ion=account page. | |||||
| CVE-2018-10231 | 1 Topdesk | 1 Topdesk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2018-10230 | 1 Zend | 1 Zend Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455. | |||||
| CVE-2018-10228 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI. | |||||
| CVE-2018-10227 | 1 1234n | 1 Minicms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter. | |||||
| CVE-2018-10221 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the administrator) logs in, he can add a new TAGS with the XSS payload. | |||||
| CVE-2018-10183 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in BigTree 4.2.22. There is cross-site scripting (XSS) in /core/inc/lib/less.php/test/index.php because of a $_SERVER['REQUEST_URI'] echo, as demonstrated by the dir parameter in a file=charsets action. | |||||
| CVE-2018-10165 | 1 Tp-link | 1 Eap Controller | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows. | |||||
| CVE-2018-10164 | 1 Tp-link | 1 Eap Controller | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version 2.6.1_Windows. | |||||
| CVE-2018-10141 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML. | |||||
| CVE-2018-10139 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected. | |||||
| CVE-2018-10138 | 1 Catalooksupport | 1 .netstore | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter. | |||||