Total: 40489 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11366 | 1 Loginizer | 1 Loginizer | 2024-11-21 | N/A |
| init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0. | ||||
| CVE-2018-11352 | 1 Wallabag | 1 Wallabag | 2024-11-21 | N/A |
| The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an administrator visits the configuration page. The vulnerability can be exploited with authentication and used to target administrators and steal their sessions. | ||||
| CVE-2018-11351 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | N/A |
| script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could be triggered without authentication, and target the administrator. The attack vectors are the Content-Type field and the filename parameter. | ||||
| CVE-2018-11350 | 1 Jirafeau | 1 Jirafeau | 2024-11-21 | N/A |
| An issue was discovered in Jirafeau before 3.4.1. The file "search by name" form is affected by one Cross-Site Scripting vulnerability via the name parameter. | ||||
| CVE-2018-11348 | 1 Yunohost | 1 Yunohost | 2024-11-21 | N/A |
| Two XSS vulnerabilities are located in the profile edition page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application. By injecting a JavaScript payload, these flaws could be used to manipulate a user's session. | ||||
| CVE-2018-11343 | 1 Asustor | 1 Soundsgood | 2024-11-21 | N/A |
| A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter. | ||||
| CVE-2018-11339 | 1 Frappe | 1 Erpnext | 2024-11-21 | N/A |
| An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment. | ||||
| CVE-2018-11332 | 1 Clippercms | 1 Clippercms | 2024-11-21 | N/A |
| Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file. | ||||
| CVE-2018-11330 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | N/A |
| An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted. | ||||
| CVE-2018-11328 | 1 Joomla | 1 Joomla! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability. | ||||
| CVE-2018-11326 | 1 Joomla | 1 Joomla! | 2024-11-21 | N/A |
| An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform an XSS attack. | ||||
| CVE-2018-11317 | 1 Intelliants | 1 Subrion | 2024-11-21 | N/A |
| Subrion CMS before 4.1.4 has XSS. | ||||
| CVE-2018-11245 | 1 Misp-project | 1 Misp | 2024-11-21 | N/A |
| app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes. | ||||
| CVE-2018-11227 | 1 Monstra | 1 Monstra Cms | 2024-11-21 | N/A |
| Monstra CMS 3.0.4 and earlier has XSS via index.php. | ||||
| CVE-2018-11223 | 1 Pandorafms | 1 Artica Pandora Fms | 2024-11-21 | N/A |
| XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call. | ||||
| CVE-2018-11208 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | N/A |
| An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that the product was not intended to block this type of XSS by a user with the admin privilege. | ||||
| CVE-2018-11200 | 1 Acquia | 1 Mautic | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field. | ||||
| CVE-2018-11198 | 1 Acquia | 1 Mautic | 2024-11-21 | N/A |
| An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json. | ||||
| CVE-2018-11133 | 1 Quest | 1 Kace System Management Appliance | 2024-11-21 | N/A |
| The 'fmt' parameter of the '/common/run_cross_report.php' script in the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting. | ||||
| CVE-2018-11124 | 1 Opmantek | 1 Open-audit | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute. | ||||