ReportizFlow
Filtered by vendor
Subscriptions
Total
42798 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17046 | 1 Translate Man Project | 1 Translate Man | 2024-11-21 | N/A |
| translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js. | ||||
| CVE-2018-17044 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter. | ||||
| CVE-2018-17039 | 2 1234n, Microsoft | 2 Minicms, Internet Explorer | 2024-11-21 | N/A |
| MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER['REQUEST_URI'] is mishandled. | ||||
| CVE-2018-17034 | 1 Ucms Project | 1 Ucms | 2024-11-21 | N/A |
| UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter. | ||||
| CVE-2018-17031 | 1 Gogs | 1 Gogs | 2024-11-21 | N/A |
| In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header is not sent. | ||||
| CVE-2018-17026 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page&name=error404 action, a different vulnerability than CVE-2018-10121. | ||||
| CVE-2018-17025 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page action for a page with no special role. | ||||
| CVE-2018-17024 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an add_page action. | ||||
| CVE-2018-17021 | 1 Asus | 2 Gt-ac5300, Gt-ac5300 Firmware | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook parameter. | ||||
| CVE-2018-17003 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | N/A |
| In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert. | ||||
| CVE-2018-17002 | 1 Ricoh | 2 Mp 2001sp, Mp 2001sp Firmware | 2024-11-21 | N/A |
| On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | ||||
| CVE-2018-17001 | 1 Ricoh | 2 Sp 4510sf, Sp 4510sf Firmware | 2024-11-21 | N/A |
| On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | ||||
| CVE-2018-16980 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
| dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters. | ||||
| CVE-2018-16978 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| Monstra CMS V3.0.4 has XSS when ones tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473. | ||||
| CVE-2018-16967 | 1 Filemanagerpro | 1 File Manager | 2024-11-21 | N/A |
| There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. | ||||
| CVE-2018-16965 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-11-21 | N/A |
| In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter. | ||||
| CVE-2018-16960 | 1 Buffalo | 1 Open Xdmod | 2024-11-21 | N/A |
| An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name parameter. | ||||
| CVE-2018-16955 | 1 Oracle | 1 Webcenter Interaction | 2024-11-21 | N/A |
| The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). The content of the in_hi_redirect parameter, when prefixed with the https:// scheme, is unsafely reflected in a HTML META tag in the HTTP response. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. | ||||
| CVE-2018-16953 | 1 Oracle | 1 Webcenter Interaction | 2024-11-21 | N/A |
| The AjaxView::DisplayResponse() function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). User input from the name parameter is unsafely reflected in the server response. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. | ||||
| CVE-2018-16887 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Katello | 2024-11-21 | N/A |
| A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Versions before 3.9.0 are vulnerable. | ||||