ReportizFlow
Filtered by vendor
Subscriptions
Total
40505 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-5962 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A |
| index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module. | ||||
| CVE-2018-5961 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. | ||||
| CVE-2018-5950 | 4 Canonical, Debian, Gnu and 1 more | 10 Ubuntu Linux, Debian Linux, Mailman and 7 more | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. | ||||
| CVE-2018-5799 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | N/A |
| In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139. | ||||
| CVE-2018-5798 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | N/A |
| This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager. | ||||
| CVE-2018-5776 | 1 Wordpress | 1 Wordpress | 2024-11-21 | N/A |
| WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement). | ||||
| CVE-2018-5773 | 1 Python-markdown2 Project | 1 Python-markdown2 | 2024-11-21 | N/A |
| An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag. | ||||
| CVE-2018-5754 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard. | ||||
| CVE-2018-5715 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | N/A |
| phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable). | ||||
| CVE-2018-5712 | 4 Canonical, Debian, Php and 1 more | 5 Ubuntu Linux, Debian Linux, Php and 2 more | 2024-11-21 | N/A |
| An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. | ||||
| CVE-2018-5705 | 1 Reservo | 1 Image Hosting | 2024-11-21 | N/A |
| Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected function is its search engine (the t parameter to the /search URI). Since there is an user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed. | ||||
| CVE-2018-5692 | 1 Piwigo | 1 Piwigo | 2024-11-21 | N/A |
| Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file. | ||||
| CVE-2018-5691 | 1 Sonicwall | 2 Analyzer, Global Management System | 2024-11-21 | N/A |
| SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module. | ||||
| CVE-2018-5690 | 1 Dotclear | 1 Dotclear | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number). | ||||
| CVE-2018-5689 | 1 Dotclear | 1 Dotclear | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email. | ||||
| CVE-2018-5688 | 1 Ilias | 1 Ilias | 2024-11-21 | N/A |
| ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component. | ||||
| CVE-2018-5687 | 1 Newsbee Project | 1 Newsbee | 2024-11-21 | N/A |
| NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php. | ||||
| CVE-2018-5681 | 1 Prestashop | 1 Prestashop | 2024-11-21 | N/A |
| PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen. | ||||
| CVE-2018-5672 | 1 Booking Calendar Project | 1 Booking Calendar | 2024-11-21 | N/A |
| An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label] parameter. | ||||
| CVE-2018-5671 | 1 Booking Calendar Project | 1 Booking Calendar | 2024-11-21 | N/A |
| An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[items][field_item1][price_percent] parameter. | ||||