Total
40736 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18373 | 1 Schiocco | 1 Support Board - Chat And Help Desk | 2024-11-21 | N/A |
| In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action. | ||||
| CVE-2018-18372 | 1 Kaasoft | 1 Library Cms | 2024-11-21 | N/A |
| A Stored XSS vulnerability has been discovered in KAASoft Library CMS - Powerful Book Management System 2.1.1 via the /admin/book/create/ title parameter. | ||||
| CVE-2018-18370 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-11-21 | N/A |
| The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. | ||||
| CVE-2018-18362 | 1 Symantec | 1 Norton Password Manager | 2024-11-21 | N/A |
| Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. | ||||
| CVE-2018-18361 | 1 Nconsulting | 1 Nc-cms | 2024-11-21 | N/A |
| An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a value beginning with home_content and containing a crafted SRC attribute of an IMG element. | ||||
| CVE-2018-18324 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter. | ||||
| CVE-2018-18308 | 1 Bigtreecms | 1 Bigtree Cms | 2024-11-21 | N/A |
| In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area). | ||||
| CVE-2018-18296 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action. | ||||
| CVE-2018-18291 | 1 Asus | 2 Rt-ac58u, Rt-ac58u Firmware | 2024-11-21 | N/A |
| A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp, or internet.asp. | ||||
| CVE-2018-18290 | 1 Nconsulting | 1 Nc-cms | 2024-11-21 | N/A |
| An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality | ||||
| CVE-2018-18282 | 1 Zeit | 1 Next.js | 2024-11-21 | N/A |
| Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. | ||||
| CVE-2018-18276 | 1 Profiles Project | 1 Profiles | 2024-11-21 | N/A |
| XSS exists in the ProFiles 1.5 component for Joomla! via the name or path parameter when creating a new folder in the administrative panel. | ||||
| CVE-2018-18271 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | ||||
| CVE-2018-18270 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parameter in an admin/moduleinterface.php "Content-->News-->Add Article" action. | ||||
| CVE-2018-18262 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. | ||||
| CVE-2018-18261 | 1 Bijiadao | 1 Waimai Super Cms | 2024-11-21 | N/A |
| In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter. | ||||
| CVE-2018-18260 | 1 Tuzitio | 1 Camaleon Cms | 2024-11-21 | N/A |
| In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The profile image in the User settings section can be run in the update / upload area via /admin/media/upload?actions=false. NOTE: the vendor reports that they are "unable to reproduce the reported issue on any version." | ||||
| CVE-2018-18259 | 1 Luya | 1 Luya Cms | 2024-11-21 | N/A |
| Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/create-page. | ||||
| CVE-2018-18248 | 1 Icinga | 1 Icinga Web 2 | 2024-11-21 | N/A |
| Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string. | ||||
| CVE-2018-18247 | 1 Icinga | 1 Icinga Web 2 | 2024-11-21 | N/A |
| Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter. | ||||