Total
37913 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7035 | 1 Gleezcms | 1 Gleez Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action. | ||||
| CVE-2018-6958 | 1 Vmware | 1 Vrealize Automation | 2024-11-21 | N/A |
| VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerability that may allow for a DOM-based cross-site scripting (XSS) attack. Exploitation of this issue may lead to the compromise of the vRA user's workstation. | ||||
| CVE-2018-6944 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | N/A |
| core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | ||||
| CVE-2018-6943 | 1 Ultimatemember | 1 Ultimatemember | 2024-11-21 | N/A |
| core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable. | ||||
| CVE-2018-6940 | 1 Nat32 | 1 Nat32 | 2024-11-21 | N/A |
| A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF. | ||||
| CVE-2018-6936 | 2 D-link, Dlink | 2 Dir-600m C1 Firmware, Dir-600m C1 | 2024-11-21 | N/A |
| Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account. | ||||
| CVE-2018-6935 | 1 Student Profile Management System Script Project | 1 Student Profile Management System Script | 2024-11-21 | N/A |
| PHP Scripts Mall Student Profile Management System Script v2.0.6 has XSS via the Name field to list_student.php. | ||||
| CVE-2018-6906 | 1 Rainmachine | 1 Rainmachine Web Application | 2024-11-21 | N/A |
| A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API. | ||||
| CVE-2018-6905 | 1 Typo3 | 1 Typo3 | 2024-11-21 | N/A |
| The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process. | ||||
| CVE-2018-6904 | 1 Car Rental Script Project | 1 Car Rental Script | 2024-11-21 | N/A |
| PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action. | ||||
| CVE-2018-6902 | 1 Image Sharing Script Project | 1 Image Sharing Script | 2024-11-21 | N/A |
| PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action. | ||||
| CVE-2018-6900 | 1 Website Broker Script Project | 1 Website Broker Script | 2024-11-21 | N/A |
| PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page. | ||||
| CVE-2018-6891 | 1 Booking-wp-plugin | 1 Bookly | 2024-11-21 | 6.1 Medium |
| Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQuery.ajax request to ng-payment_details_dialog.js. | ||||
| CVE-2018-6890 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the page editing feature, as demonstrated by /?/admin/page/edit/3. | ||||
| CVE-2018-6878 | 1 Hot Scripts Clone Project | 1 Hot Scripts Clone | 2024-11-21 | N/A |
| Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field. | ||||
| CVE-2018-6870 | 1 Website Seller Script Project | 1 Website Seller Script | 2024-11-21 | N/A |
| Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature. | ||||
| CVE-2018-6868 | 1 Groupon Clone Script Project | 1 Groupon Clone Script | 2024-11-21 | N/A |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter. | ||||
| CVE-2018-6866 | 1 Learning And Examination Management System Script Project | 1 Learning And Examination Management System Script | 2024-11-21 | N/A |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message. | ||||
| CVE-2018-6864 | 1 Multireligion Responsive Matrimonial Project | 1 Multireligion Responsive Matrimonial | 2024-11-21 | N/A |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion Responsive Matrimonial 4.7.2 via a user profile update parameter. | ||||
| CVE-2018-6862 | 1 Bitcoin Mlm Project | 1 Bitcoin Mlm | 2024-11-21 | N/A |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Software 1.0.2 via a profile field. | ||||