Total
43127 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-9238 | 1 Yahei | 1 Yahei Php Prober | 2024-11-21 | N/A |
| proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter. | ||||
| CVE-2018-9237 | 1 Iscripts | 1 Easycreate | 2024-11-21 | N/A |
| iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field. | ||||
| CVE-2018-9236 | 1 Iscripts | 1 Easycreate | 2024-11-21 | N/A |
| iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field. | ||||
| CVE-2018-9235 | 1 Iscripts | 1 Sonicbb | 2024-11-21 | N/A |
| iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php. | ||||
| CVE-2018-9186 | 1 Fortinet | 1 Fortiauthenticator | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header. | ||||
| CVE-2018-9183 | 1 Joomsky | 1 Js Jobs | 2024-11-21 | N/A |
| The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS. | ||||
| CVE-2018-9182 | 1 Lynxtechnology | 1 Twonky Server | 2024-11-21 | N/A |
| Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section. | ||||
| CVE-2018-9177 | 1 Lynxtechnology | 1 Twonky Server | 2024-11-21 | N/A |
| Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen. | ||||
| CVE-2018-9173 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter. | ||||
| CVE-2018-9172 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | N/A |
| The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes. | ||||
| CVE-2018-9169 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | N/A |
| Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit.php app_id parameter. The component must be accessed directly by an administrator, or through CSRF. | ||||
| CVE-2018-9163 | 1 Zohocorp | 1 Manageengine Recovery Manager Plus | 2024-11-21 | N/A |
| A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do. | ||||
| CVE-2018-9155 | 1 Open-audit | 1 Open-audit | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section (via the "Name (display)" field to the attributes/create URI). | ||||
| CVE-2018-9147 | 1 Gespage | 1 Gespage | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage software allow remote attackers to inject arbitrary web script or HTML via the email, passwd, and repasswd parameters to webapp/users/user_reg.jsp. | ||||
| CVE-2018-9140 | 1 Samsung | 1 Samsung Mobile | 2024-11-21 | N/A |
| On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747. | ||||
| CVE-2018-9130 | 1 Ibos | 1 Ibos | 2024-11-21 | N/A |
| IBOS 4.4.3 has XSS via a company full name. | ||||
| CVE-2018-9123 | 1 Crea8social | 1 Crea8social | 2024-11-21 | N/A |
| In Crea8social 2018.2, there is Stored Cross-Site Scripting via a User Profile. | ||||
| CVE-2018-9122 | 1 Crea8social | 1 Crea8social | 2024-11-21 | N/A |
| In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the term parameter to the /search URI. | ||||
| CVE-2018-9121 | 1 Crea8social | 1 Crea8social | 2024-11-21 | N/A |
| In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment. | ||||
| CVE-2018-9120 | 1 Crea8social | 1 Crea8social | 2024-11-21 | N/A |
| In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post. | ||||