Total: 40736 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19574 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.4 Medium |
| GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page. | ||||
| CVE-2018-19573 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.4 Medium |
| GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid. | ||||
| CVE-2018-19570 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.4 Medium |
| GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags. | ||||
| CVE-2018-19564 | 1 Goldplugins | 1 Easy Testimonials | 2024-11-21 | N/A |
| Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting. | ||||
| CVE-2018-19554 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
| An issue was discovered in Dotcms through 5.0.3. Attackers may perform XSS attacks via the inode, identifier, or fieldName parameter in html/js/dotcms/dijit/image/image_tool.jsp. | ||||
| CVE-2018-19547 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | N/A |
| JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter. | ||||
| CVE-2018-19546 | 1 Jtbc | 1 Jtbc Php | 2024-11-21 | N/A |
| JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter. | ||||
| CVE-2018-19527 | 1 I4 | 1 Ai Si Assistant | 2024-11-21 | N/A |
| i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings. | ||||
| CVE-2018-19525 | 1 Systrome | 6 Cumilon Isg-600c, Cumilon Isg-600c Firmware, Cumilon Isg-600h and 3 more | 2024-11-21 | N/A |
| An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave with resultant XSS because of a lack of CSRF token validation. | ||||
| CVE-2018-19509 | 1 Ens | 1 Webgalamb | 2024-11-21 | N/A |
| wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS. | ||||
| CVE-2018-19508 | 1 Cmsimple | 1 Cmsimple | 2024-11-21 | N/A |
| CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI. | ||||
| CVE-2018-19507 | 1 Cmsimple | 1 Cmsimple | 2024-11-21 | N/A |
| CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action=array URI. | ||||
| CVE-2018-19506 | 1 Zurmo | 1 Zurmo | 2024-11-21 | N/A |
| Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI. | ||||
| CVE-2018-19498 | 1 Simplenia | 1 Pages | 2024-11-21 | N/A |
| The Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XSS. | ||||
| CVE-2018-19493 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding. | ||||
| CVE-2018-19469 | 1 Articlecms Project | 1 Articlecms | 2024-11-21 | N/A |
| ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter. | ||||
| CVE-2018-19465 | 1 Maccms | 1 Maccms | 2024-11-21 | N/A |
| Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html. | ||||
| CVE-2018-19464 | 1 Dismall | 1 Discuz! | 2024-11-21 | 4.8 Medium |
| Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandle the statcode field from third-party stats code. | ||||
| CVE-2018-19461 | 1 Phome | 1 Empirecms | 2024-11-21 | N/A |
| admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php. | ||||
| CVE-2018-19439 | 1 Oracle | 1 Secure Global Desktop | 2024-11-21 | N/A |
| XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter. | ||||