Total
37603 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18622 | 1 Bijiadao | 1 Waimai Super Cms | 2024-11-21 | N/A |
| An issue was discovered in Waimai Super Cms 20150505. There is XSS via the index.php?m=public&a=doregister username parameter. | ||||
| CVE-2018-18621 | 1 Communigate | 1 Communigate Pro | 2024-11-21 | N/A |
| CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the raw email link (in .txt format) is modified and then renamed with a .html or .wssp extension. | ||||
| CVE-2018-18608 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. | ||||
| CVE-2018-18579 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter. | ||||
| CVE-2018-18578 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. | ||||
| CVE-2018-18570 | 1 Planonsoftware | 1 Planon | 2024-11-21 | N/A |
| Planon before Live Build 41 has XSS. | ||||
| CVE-2018-18553 | 1 Leanote | 1 Leanote | 2024-11-21 | N/A |
| Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page. | ||||
| CVE-2018-18551 | 1 Serverscheck | 1 Monitoring Software | 2024-11-21 | N/A |
| ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter, report_save.html query parameter, sensors.html location parameter, or group_delete.html group parameter. | ||||
| CVE-2018-18548 | 1 Ajenti | 1 Ajenticp | 2024-11-21 | N/A |
| ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager. | ||||
| CVE-2018-18547 | 1 Vestacp | 1 Control Panel | 2024-11-21 | N/A |
| Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI. | ||||
| CVE-2018-18545 | 1 Fiyo | 1 Fiyo Cms | 2024-11-21 | 6.1 Medium |
| Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter. | ||||
| CVE-2018-18540 | 1 Teakki | 1 Teakki | 2024-11-21 | N/A |
| TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL. | ||||
| CVE-2018-18524 | 1 Evernote | 1 Evernote | 2024-11-21 | N/A |
| Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote execution command on the victim's computer. | ||||
| CVE-2018-18517 | 1 Citrix | 1 Netscaler Gateway Firmware | 2024-11-21 | N/A |
| Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS. | ||||
| CVE-2018-18478 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A |
| Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php. | ||||
| CVE-2018-18460 | 1 3cx | 1 Live Chat | 2024-11-21 | N/A |
| XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request. | ||||
| CVE-2018-18437 | 1 Axiositalia | 1 Registro Elettronico | 2024-11-21 | N/A |
| In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter. | ||||
| CVE-2018-18433 | 1 Destoon | 1 Destoon B2b | 2024-11-21 | N/A |
| An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has XSS via the category[catname] parameter to the admin.php URI. | ||||
| CVE-2018-18431 | 1 Destoon | 1 Destoon B2b | 2024-11-21 | N/A |
| An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI. | ||||
| CVE-2018-18430 | 1 Destoon | 1 Destoon B2b | 2024-11-21 | N/A |
| An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI. | ||||