Total: 42710 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14382 | 1 Instantcms | 1 Instantcms | 2024-11-21 | N/A |
| InstantCMS 2.10.1 has /redirect?url= XSS. | ||||
| CVE-2018-14380 | 1 Graylog | 1 Graylog | 2024-11-21 | N/A |
| In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts. | ||||
| CVE-2018-14082 | 1 Freelancewebdesignerchennai | 1 Job Portal | 2024-11-21 | N/A |
| PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar. | ||||
| CVE-2018-14059 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A |
| Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions. | ||||
| CVE-2018-14042 | 2 Getbootstrap, Redhat | 6 Bootstrap, Enterprise Linux, Jboss Enterprise Application Platform and 3 more | 2024-11-21 | N/A |
| In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. | ||||
| CVE-2018-14041 | 2 Getbootstrap, Redhat | 4 Bootstrap, Ceph Storage, Jboss Enterprise Application Platform and 1 more | 2024-11-21 | N/A |
| In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. | ||||
| CVE-2018-14040 | 3 Debian, Getbootstrap, Redhat | 6 Debian Linux, Bootstrap, Enterprise Linux and 3 more | 2024-11-21 | N/A |
| In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. | ||||
| CVE-2018-14037 | 1 Progress | 1 Kendo Ui | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload gets executed. Furthermore, if the payload is reflected at any other resource that does rely on the sanitisation of the editor itself, the JavaScript payload will be executed in the context of the application. This allows attackers (in the worst case) to take over user sessions. | ||||
| CVE-2018-14027 | 1 Digisol | 2 Dg-hr-3300, Dg-hr-3300 Firmware | 2024-11-21 | N/A |
| Digisol Wireless Wifi Home Router HR-3300 allows XSS via the userid or password parameter to the admin login page. | ||||
| CVE-2018-14013 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | N/A |
| Synacor Zimbra Collaboration Suite before 8.8.11 has XSS in the AJAX and HTML web clients. | ||||
| CVE-2018-13999 | 1 Catfish-cms | 1 Catfish Cms | 2024-11-21 | N/A |
| Catfish CMS v4.7.9 allows XSS via the admin/Index/write.html editorValue parameter (aka an article posted by an administrator). | ||||
| CVE-2018-13998 | 1 Clippercms | 1 Clippercms | 2024-11-21 | N/A |
| ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users. | ||||
| CVE-2018-13983 | 1 Impresscms | 1 Impresscms | 2024-11-21 | N/A |
| ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php. | ||||
| CVE-2018-13879 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | N/A |
| A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. When one creates an account, the next step will ask for a username. This field will not save HTML control characters but an error will be displayed that shows the attempted username unescaped via packages/rocketchat-ui-login/client/username/username.js in packages/rocketchat-ui-login/client/username/username.html. | ||||
| CVE-2018-13878 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | N/A |
| An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. The real name of a username is displayed unescaped when the user is mentioned (using the @ symbol) in a channel or private chat. Consequently, it is possible to exfiltrate the secret token of every user and also admins in the channel. | ||||
| CVE-2018-13865 | 1 Idreamsoft | 1 Icms | 2024-11-21 | N/A |
| An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism. | ||||
| CVE-2018-13849 | 1 Instagram-clone Project | 1 Instagram-clone | 2024-11-21 | N/A |
| edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XSS via an onmouseover payload because of an inadequate XSS protection mechanism based on preg_replace. | ||||
| CVE-2018-13832 | 1 Techotronic | 1 All In One Favicon | 2024-11-21 | N/A |
| Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text. | ||||
| CVE-2018-13825 | 2 Broadcom, Ca | 2 Project Portfolio Management, Project Portfolio Management | 2024-11-21 | N/A |
| Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. | ||||
| CVE-2018-13809 | 1 Siemens | 4 Cp 1604, Cp 1604 Firmware, Cp 1616 and 1 more | 2024-11-21 | N/A |
| A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link. User interaction is required for a successful exploitation. At the time of advisory publication no public exploitation of this vulnerability was known. | ||||