Total: 43716 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19146 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | N/A |
| Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element. | ||||
| CVE-2018-19145 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A |
| An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter. | ||||
| CVE-2018-19142 | 1 Otrs | 1 Open Ticket Request System | 2024-11-21 | N/A |
| Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL. | ||||
| CVE-2018-19141 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2024-11-21 | N/A |
| Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled. | ||||
| CVE-2018-19137 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter. | ||||
| CVE-2018-19136 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter. | ||||
| CVE-2018-19131 | 1 Squid-cache | 1 Squid | 2024-11-21 | N/A |
| Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors. | ||||
| CVE-2018-19092 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie. | ||||
| CVE-2018-19091 | 1 Tianti Project | 1 Tianti | 2024-11-21 | N/A |
| tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter. | ||||
| CVE-2018-19090 | 1 Tianti Project | 1 Tianti | 2024-11-21 | N/A |
| tianti 2.3 has stored XSS in the article management module via an article title. | ||||
| CVE-2018-19089 | 1 Tianti Project | 1 Tianti | 2024-11-21 | N/A |
| tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp. | ||||
| CVE-2018-19083 | 1 Wecenter | 1 Wecenter | 2024-11-21 | N/A |
| WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialchars_decode function via the /?/publish/ajax/publish_question/ question_content parameter. | ||||
| CVE-2018-19080 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2024-11-21 | N/A |
| An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS. | ||||
| CVE-2018-19057 | 1 Sparksuite | 1 Simplemde | 2024-11-21 | N/A |
| SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element. | ||||
| CVE-2018-19056 | 1 Ipandao | 1 Editor.md | 2024-11-21 | N/A |
| pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled during construction of an A element. | ||||
| CVE-2018-19051 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter. | ||||
| CVE-2018-19050 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter. | ||||
| CVE-2018-19048 | 1 Mycolorway | 1 Simditor | 2024-11-21 | N/A |
| Simditor through 2.3.21 allows DOM XSS via an onload attribute within a malformed SVG element. | ||||
| CVE-2018-19041 | 1 Media File Manager Project | 1 Media File Manager | 2024-11-21 | N/A |
| The Media File Manager plugin 1.4.2 for WordPress allows XSS via the dir parameter of an mrelocator_getdir action to the wp-admin/admin-ajax.php URI. | ||||
| CVE-2018-19006 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | N/A |
| OSIsoft PI Vision, versions PI Vision 2017 and PI Vision 2017 R2: the application contains a cross-site scripting vulnerability where displays that reference AF elements and attributes containing JavaScript are affected. This vulnerability requires the ability of authorized AF users to store JavaScript in AF elements and attributes. | ||||