ReportizFlow
Filtered by vendor
Subscriptions
Total
40489 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-13998 | 1 Clippercms | 1 Clippercms | 2024-11-21 | N/A |
| ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users. | ||||
| CVE-2018-13983 | 1 Impresscms | 1 Impresscms | 2024-11-21 | N/A |
| ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php. | ||||
| CVE-2018-13879 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | N/A |
| A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. When one creates an account, the next step will ask for a username. This field will not save HTML control characters but an error will be displayed that shows the attempted username unescaped via packages/rocketchat-ui-login/client/username/username.js in packages/rocketchat-ui-login/client/username/username.html. | ||||
| CVE-2018-13878 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | N/A |
| An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. The real name of a username is displayed unescaped when the user is mentioned (using the @ symbol) in a channel or private chat. Consequently, it is possible to exfiltrate the secret token of every user and also admins in the channel. | ||||
| CVE-2018-13865 | 1 Idreamsoft | 1 Icms | 2024-11-21 | N/A |
| An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism. | ||||
| CVE-2018-13849 | 1 Instagram-clone Project | 1 Instagram-clone | 2024-11-21 | N/A |
| edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XSS via an onmouseover payload because of an inadequate XSS protection mechanism based on preg_replace. | ||||
| CVE-2018-13832 | 1 Techotronic | 1 All In One Favicon | 2024-11-21 | N/A |
| Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text. | ||||
| CVE-2018-13825 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2024-11-21 | N/A |
| Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. | ||||
| CVE-2018-13809 | 1 Siemens | 4 Cp 1604, Cp 1604 Firmware, Cp 1616 and 1 more | 2024-11-21 | N/A |
| A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link. User interaction is required for a successful exploitation. At the time of advisory publication no public exploitation of this vulnerability was known. | ||||
| CVE-2018-13433 | 1 Boostnote | 1 Boostnote | 2024-11-21 | N/A |
| Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG element. | ||||
| CVE-2018-13423 | 1 Omeka | 1 Omeka | 2024-11-21 | N/A |
| admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag. | ||||
| CVE-2018-13422 | 1 Tecnick | 1 Tcexam | 2024-11-21 | N/A |
| TCExam before 14.1.2 has XSS via an ff_ or xl_ field. | ||||
| CVE-2018-13409 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | N/A |
| An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. | ||||
| CVE-2018-13408 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | N/A |
| An issue was discovered in Jirafeau before 3.4.1. The "search file by link" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges. | ||||
| CVE-2018-13403 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | N/A |
| The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard. | ||||
| CVE-2018-13395 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | N/A |
| Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and before version 7.11.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the epic colour field of an issue while an issue is being moved. | ||||
| CVE-2018-13392 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | N/A |
| Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys. | ||||
| CVE-2018-13388 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | N/A |
| The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files. | ||||
| CVE-2018-13387 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | N/A |
| The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete. | ||||
| CVE-2018-13380 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.7 Medium |
| A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters. | ||||