Filtered by CWE-79

Search

Switch to Advanced Search (Beta)
Total 43720 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-19926 1 Zenitel 2 Ip-stationweb, Ip-stationweb Firmware 2024-11-21 N/A
Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO.
CVE-2018-19924 1 Sales \& Company Management System Project 1 Sales \& Company Management System 2024-11-21 N/A
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address.
CVE-2018-19922 1 Actiontec 2 C1000a, C1000a Firmware 2024-11-21 N/A
Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request.
CVE-2018-19921 1 Zohocorp 1 Manageengine Opmanager 2024-11-21 N/A
Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller.
CVE-2018-19919 1 Pixelimity 1 Pixelimity 2024-11-21 N/A
Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element.
CVE-2018-19917 1 Microweber 1 Microweber 2024-11-21 N/A
Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities.
CVE-2018-19915 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.
CVE-2018-19914 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field.
CVE-2018-19913 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field.
CVE-2018-19903 1 Xsltcms.org Project 1 Xsltcms.org 2024-11-21 N/A
Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page title field.
CVE-2018-19902 1 No-cms Project 1 No-cms 2024-11-21 N/A
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter.
CVE-2018-19901 1 No-cms Project 1 No-cms 2024-11-21 N/A
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter.
CVE-2018-19892 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field.
CVE-2018-19877 1 Adiscon 1 Loganalyzer 2024-11-21 N/A
login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.
CVE-2018-19849 1 Yzmcms 1 Yzmcms 2024-11-21 N/A
An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter.
CVE-2018-19845 1 Get-simple 1 Getsimple Cms 2024-11-21 N/A
There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325.
CVE-2018-19844 1 Frogcms Project 1 Frogcms 2024-11-21 N/A
FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319.
CVE-2018-19836 1 Metinfo 1 Metinfo 2024-11-21 N/A
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter.
CVE-2018-19835 1 Metinfo 1 Metinfo 2024-11-21 N/A
Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter.
CVE-2018-19828 1 Artica 1 Integria Ims 2024-11-21 N/A
Artica Integria IMS 5.0.83 has XSS via the search_string parameter.