Total: 40485 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6469 | 1 Flickrrss Project | 1 Flickrrss | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter to wp-admin/options-general.php. | ||||
| CVE-2018-6468 | 1 Flickrrss Project | 1 Flickrrss | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_id parameter to wp-admin/options-general.php. | ||||
| CVE-2018-6466 | 1 Flickrrss Project | 1 Flickrrss | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_set parameter to wp-admin/options-general.php. | ||||
| CVE-2018-6465 | 1 Wp-property-hive | 1 Propertyhive | 2024-11-21 | N/A |
| The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php. | ||||
| CVE-2018-6464 | 1 Mycolorway | 1 Simditor | 2024-11-21 | 6.1 Medium |
| Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1. | ||||
| CVE-2018-6449 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 6.1 Medium |
| Host Header Injection vulnerability in the HTTP management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers. | ||||
| CVE-2018-6447 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 5.4 Medium |
| A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account. | ||||
| CVE-2018-6380 | 1 Joomla | 1 Joomla! | 2024-11-21 | N/A |
| In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system. | ||||
| CVE-2018-6379 | 1 Joomla | 1 Joomla! | 2024-11-21 | N/A |
| In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability. | ||||
| CVE-2018-6378 | 1 Joomla | 1 Joomla! | 2024-11-21 | N/A |
| In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager. | ||||
| CVE-2018-6377 | 1 Joomla | 1 Joomla! | 2024-11-21 | N/A |
| In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox. | ||||
| CVE-2018-6362 | 1 Ehcp | 1 Easy Hosting Control Panel | 2024-11-21 | N/A |
| Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie. | ||||
| CVE-2018-6361 | 1 Ehcp | 1 Easy Hosting Control Panel | 2024-11-21 | N/A |
| Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account. | ||||
| CVE-2018-6357 | 1 Acurax | 1 Social Media Widget | 2024-11-21 | N/A |
| The acx_asmw_saveorder_callback function in function.php in the acurax-social-media-widget plugin before 3.2.6 for WordPress has CSRF via the recordsArray parameter to wp-admin/admin-ajax.php, with resultant social_widget_icon_array_order XSS. | ||||
| CVE-2018-6355 | 1 Iball | 2 Ib-wrb302n, Ib-wrb302n Firmware | 2024-11-21 | N/A |
| /goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 2017" firmware has Unauthenticated Stored Cross Site Scripting via the lang parameter. | ||||
| CVE-2018-6354 | 1 Formspree | 1 Formspree | 2024-11-21 | N/A |
| templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS related to the _next parameter. | ||||
| CVE-2018-6313 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118. | ||||
| CVE-2018-6291 | 1 Kaspersky | 1 Secure Mail Gateway | 2024-11-21 | N/A |
| WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1. | ||||
| CVE-2018-6227 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-11-21 | N/A |
| A stored cross-site scripting (XSS) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems. | ||||
| CVE-2018-6226 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-11-21 | N/A |
| Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems. | ||||