Total: 42798 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16861 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-11-21 | N/A |
| A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute XSS attacks against other users, possibly leading to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Foreman before 1.18.3, 1.19.1, and 1.20.0 are vulnerable. | ||||
| CVE-2018-16833 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI. | ||||
| CVE-2018-16808 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | N/A |
| An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note. | ||||
| CVE-2018-16805 | 1 B3log | 1 Solo | 2024-11-21 | N/A |
| In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator. | ||||
| CVE-2018-16804 | 1 Ucms Project | 1 Ucms | 2024-11-21 | N/A |
| An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request. | ||||
| CVE-2018-16786 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php. | ||||
| CVE-2018-16780 | 1 Complete Responsive Cms Blog Project | 1 Complete Responsive Cms Blog | 2024-11-21 | N/A |
| Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment. | ||||
| CVE-2018-16779 | 1 Blogcms Project | 1 Blogcms | 2024-11-21 | N/A |
| BlogCMS through 2016-10-25 has XSS via a comment. | ||||
| CVE-2018-16778 | 1 Jenzabar | 1 Jenzabar | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field). | ||||
| CVE-2018-16776 | 1 Creatiwity | 1 Witycms | 2024-11-21 | N/A |
| wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" "Configuration" page. | ||||
| CVE-2018-16775 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | N/A |
| An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the "Categories" menu. | ||||
| CVE-2018-16773 | 1 Easycms | 1 Easycms | 2024-11-21 | N/A |
| EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field. | ||||
| CVE-2018-16772 | 1 Hoosk | 1 Hoosk | 2024-11-21 | N/A |
| Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new. | ||||
| CVE-2018-16759 | 1 Easycms | 1 Easycms | 2024-11-21 | N/A |
| The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event. | ||||
| CVE-2018-16736 | 1 Rcfilters Project | 1 Rcfilters | 2024-11-21 | N/A |
| In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings). | ||||
| CVE-2018-16730 | 1 Chshcms | 1 Cscms | 2024-11-21 | N/A |
| \upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. | ||||
| CVE-2018-16729 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | N/A |
| Pluck 4.7.7 allows XSS via an SVG file that contains JavaScript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files. | ||||
| CVE-2018-16728 | 1 Feindura | 1 Feindura | 2024-11-21 | N/A |
| feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new. | ||||
| CVE-2018-16727 | 1 Razorcms | 1 Razorcms | 2024-11-21 | N/A |
| razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component. | ||||
| CVE-2018-16726 | 1 Razorcms | 1 Razorcms | 2024-11-21 | N/A |
| razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component. | ||||