Total
37600 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17113 | 1 Easycms | 1 Easycms | 2024-11-21 | N/A |
| App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173. | ||||
| CVE-2018-17090 | 1 I4a | 1 Donlinkage | 2024-11-21 | N/A |
| An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazy_adresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing <textarea> followed by <script></script> tags. | ||||
| CVE-2018-17086 | 1 Otcms | 1 Otcms | 2024-11-21 | N/A |
| An issue was discovered in OTCMS 3.61. XSS exists in admin/share_switch.php via these parameters: fieldName fieldName2 tabName. | ||||
| CVE-2018-17085 | 1 Otcms | 1 Otcms | 2024-11-21 | N/A |
| An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr. | ||||
| CVE-2018-17082 | 4 Debian, Netapp, Php and 1 more | 4 Debian Linux, Storage Automation Store, Php and 1 more | 2024-11-21 | N/A |
| The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. | ||||
| CVE-2018-17079 | 1 Zrlog | 1 Zrlog | 2024-11-21 | N/A |
| An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area. | ||||
| CVE-2018-17077 | 1 Yiqicms Project | 1 Yiqicms | 2024-11-21 | N/A |
| An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed. | ||||
| CVE-2018-17062 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A |
| An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter. | ||||
| CVE-2018-17061 | 1 Bullguard | 1 Safe Browsing | 2024-11-21 | N/A |
| BullGuard Safe Browsing before 18.1.355.9 allows XSS on Google, Bing, and Yahoo! pages via domains indexed in search results. | ||||
| CVE-2018-17056 | 1 Progress | 1 Sitefinity Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-17054 | 1 Progress | 1 Sitefinity Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17053. | ||||
| CVE-2018-17053 | 1 Progress | 1 Sitefinity Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Identity Server in Progress Sitefinity CMS versions 10.0 through 11.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to login request parameters, a different vulnerability than CVE-2018-17054. | ||||
| CVE-2018-17051 | 1 Knet | 1 Cisco Configuration Manager | 2024-11-21 | N/A |
| K-Net Cisco Configuration Manager through 2014-11-19 has XSS via devices.php. | ||||
| CVE-2018-17049 | 1 Cqu Lankers Project | 1 Cqu Lankers | 2024-11-21 | N/A |
| CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback parameter in an uploadpic action. | ||||
| CVE-2018-17046 | 1 Translate Man Project | 1 Translate Man | 2024-11-21 | N/A |
| translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js. | ||||
| CVE-2018-17044 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter. | ||||
| CVE-2018-17039 | 2 1234n, Microsoft | 2 Minicms, Internet Explorer | 2024-11-21 | N/A |
| MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER['REQUEST_URI'] is mishandled. | ||||
| CVE-2018-17034 | 1 Ucms Project | 1 Ucms | 2024-11-21 | N/A |
| UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter. | ||||
| CVE-2018-17031 | 1 Gogs | 1 Gogs | 2024-11-21 | N/A |
| In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header is not sent. | ||||
| CVE-2018-17026 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page&name=error404 action, a different vulnerability than CVE-2018-10121. | ||||