Total
37758 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20600 | 1 Ucms Project | 1 Ucms | 2024-11-21 | N/A |
| sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action. | ||||
| CVE-2018-20597 | 1 Ucms Project | 1 Ucms | 2024-11-21 | N/A |
| UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action. | ||||
| CVE-2018-20594 | 1 Hsweb | 1 Hsweb | 2024-11-21 | N/A |
| An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java. | ||||
| CVE-2018-20590 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2024-11-21 | 4.8 Medium |
| Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID. | ||||
| CVE-2018-20589 | 1 Generic Content Management System Project | 1 Generic Content Management System | 2024-11-21 | N/A |
| Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID. | ||||
| CVE-2018-20583 | 1 Thephpleague | 1 Commonmark | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allow_unsafe_links is false) via a newline character (e.g., writing javascript as javascri%0apt). | ||||
| CVE-2018-20565 | 1 Douco | 1 Douphp | 2024-11-21 | N/A |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?rec=update has XSS via the nav_name parameter. | ||||
| CVE-2018-20564 | 1 Douco | 1 Douphp | 2024-11-21 | N/A |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_category.php?rec=update has XSS via the cat_name parameter. | ||||
| CVE-2018-20563 | 1 Douco | 1 Douphp | 2024-11-21 | N/A |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter. | ||||
| CVE-2018-20562 | 1 Douco | 1 Douphp | 2024-11-21 | N/A |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter. | ||||
| CVE-2018-20561 | 1 Douco | 1 Douphp | 2024-11-21 | N/A |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter. | ||||
| CVE-2018-20560 | 1 Douco | 1 Douphp | 2024-11-21 | N/A |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?rec=update has XSS via the show_name parameter. | ||||
| CVE-2018-20559 | 1 Douco | 1 Douphp | 2024-11-21 | N/A |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter. | ||||
| CVE-2018-20558 | 1 Douco | 1 Douphp | 2024-11-21 | N/A |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the site_name parameter. | ||||
| CVE-2018-20557 | 1 Douco | 1 Douphp | 2024-11-21 | N/A |
| An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the page_name parameter. | ||||
| CVE-2018-20530 | 1 Website Seller Script Project | 1 Website Seller Script | 2024-11-21 | N/A |
| PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896. | ||||
| CVE-2018-20524 | 1 Urlchatbox | 1 Chat Anywhere | 2024-11-21 | N/A |
| The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of <<a> in a message, because a danmuWrapper DIV element in chatbox-only\danmu.js is outside the scope of a Content Security Policy (CSP). | ||||
| CVE-2018-20520 | 1 1234n | 1 Minicms | 2024-11-21 | N/A |
| MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233. | ||||
| CVE-2018-20503 | 1 Alliedtelesis | 2 8100l\/8, 8100l\/8 Firmware | 2024-11-21 | N/A |
| Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter. | ||||
| CVE-2018-20496 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.4 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS. | ||||