| Risk | Topic | Date | Author |
|------|-------|------|--------|
| Low | Tenda Router W300D Multiple Vulnerability | 21.09.2018 | Work LearninG |
| Low | RICOH SP 4510SF Printer Cross Site Scripting | 20.09.2018 | Ismail Tasdelen |
| Low | LimeSurvey 3.14.7 Cross Site Scripting | 19.09.2018 | Ismail Tasdelen |
| Low | Roundcube rcfilters 2.1.6 Cross Site Scripting | 19.09.2018 | Fahimeh Rezaei |
| Low | Netis ADSL Router DL4322D RTK 2.1.1 Cross Site Scripting | 18.09.2018 | Cakes |
| Low | Wispi messenger website Multiple XSS | 17.09.2018 | Ali Abdollahi |
| Low | TSN-Ranksystem < 1.2.7 - Cross-site scripting (XSS) | 10.09.2018 | kodak |
| Low | Jorani Leave Management System 0.6.5 Cross Site Scripting | 06.09.2018 | Javier Olmedo |
| Low | D-Link Dir-600M N150 Cross-Site Scripting | 06.09.2018 | PUNIT DARJI |
| Low | Tenda ADSL Router D152 Cross-Site Scripting | 06.09.2018 | Sandip Dey |
| High | Opsview Monitor 5.x Command Execution | 05.09.2018 | Core Security Technolo... |
| Low | eVorticity xss vulnerability | 05.09.2018 | nothing404.team |
| Low | Glenn Loney xss vulnerability | 04.09.2018 | nothing404.team |
| Low | AdultJoy Reflected XSS | 03.09.2018 | da74 |
| Low | PornZebra Search Engine Ref. XSS | 03.09.2018 | da74 |
| Low | Cybrotech CyBroHttpServer 1.0.3 Cross Site Scripting | 31.08.2018 | Emre OVUNC |
| Low | WordPress Jibu Pro 1.7 Cross Site Scripting | 31.08.2018 | Renos Nikolaou |
| Low | JobClass 4.2 - Geolocalized Job Board Script - Cross-Site Scripting | 29.08.2018 | Ali Alipour |
| Low | Gigs v2.0 - Cross-Site Scripting | 29.08.2018 | Ali Alipour |
| Low | Sitenizolsun thema XSS Cross site request forgery | 28.08.2018 | Furkan Özer |
| Low | Agm 7.x Xss sql injection Vulnerability | 28.08.2018 | indoushka |
| Low | Dojo Toolkit 1.13 Cross Site Scripting | 27.08.2018 | Moritz Bechler |
| Low | Java System Solutions SSO Plugin For BMC MyIT 4.0.13.1 Cross Site Scripting | 23.08.2018 | Marco Murch |
| Low | Countly Cross Site Scripting | 21.08.2018 | Sleepy |
| Low | BMC MyIT Java System Solutions SSO Plugin 4.0.13.1 Cross Site Scripting | 21.08.2018 | Marco Murch |
| Low | WordPress Tagregator 0.6 Cross Site Scripting | 21.08.2018 | ManhNho |
| Low | Geutebruck re_porter 16 Cross Site Scripting | 20.08.2018 | Kamil Suska |
| Low | Atmosphere 1.x / 2.x Cross Site Scripting | 16.08.2018 | Lukasz D. |
| Low | IBM Sterling B2B Integrator 5.2.0.1 / 5.2.6.3 Cross Site Scripting | 14.08.2018 | Vikas Khanna |
| Low | IceWarp WebMail 12.0.3.1 Cross Site Scripting | 14.08.2018 | Mostafa Gharzi |
| Low | Zimbra 8.6.0_GA_1153 Cross Site Scripting | 11.08.2018 | Dino Barlattani |
| Low | CMS BUZZ 2.9 Cross Site Scripting | 09.08.2018 | Thiago Sena |
| Low | Entrepreneur Job Portal Script 3.0.1 Cross-Site Scripting | 07.08.2018 | Vikas Chaudhary |
| Low | PHP Template Store Script 3.0.6 Cross Site Scripting | 07.08.2018 | Sarafraz Khan |
| Low | Open-AudIT Community 2.2.6 Cross Site Scripting | 07.08.2018 | Ranjeet Jaiswal |
| Low | LAMS Cross Site Scripting | 07.08.2018 | Nikola Kojic |
| Low | Monstra-Dev 3.0.4 Cross Site Scripting | 07.08.2018 | Nainsi Gupta |
| Low | Basic B2B Script 2.0.0 Cross-Site Scripting | 03.08.2018 | Vikas Chaudhary |
| Low | Chartered Accountant : Auditor Website 2.0.1 Cross Site Scripting | 03.08.2018 | Vikas Chaudhary |
| Low | DataLife Engine 13.0 Cross Site Scripting | 02.08.2018 | Mostafa Gharzi |
| Low | Website by TheGoodWebCompany.com xss | 30.07.2018 | Bl4ck M4n |
| Low | Super Cms Blog Pro PHP Script v1.0 - XSS | 28.07.2018 | GUIA Brahim Fouad |
| Low | WordPress Gwolle Guestbook 2.5.3 Cross Site Scripting | 27.07.2018 | DefenseCode |
| Low | WordPress Strong Testimonials 2.31.4 Cross Site Scripting | 27.07.2018 | DefenseCode |
| Low | WordPress Snazzy Maps 1.1.3 Cross Site Scripting | 27.07.2018 | DefenseCode |
| Med. | Zoho ManageEngine 13 (13790 build) XSS / File Read / File Deletion | 23.07.2018 | Xiaotian Wang |
| Low | MyBB New Threads 1.1 Cross Site Scripting | 20.07.2018 | 0xB9 |
| Low | Barracuda Cloud Control 7.1.1.003 Cross Site Scripting | 19.07.2018 | Vulnerability Lab |
| Low | Barracuda Cloud Control 3.020 Cross Site Scripting | 19.07.2018 | Vulnerability Lab |
| Low | GhostMail Filename To Link Script Insertion | 19.07.2018 | Vulnerability Lab |
| Low | Open-AudIT Community 2.1.1 Cross Site Scripting | 19.07.2018 | Ranjeet Jaiswal |
| Low | PHP Whois Script Cross Site Scripting Vulnerability | 18.07.2018 | IRANIAN ETHICAL HACKER... |
| Low | Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway XSS | 17.07.2018 | LiquidWorm |
| Low | TSMTS XSS Vulnerability | 15.07.2018 | Rafin Rahman Chy |
| Low | OpenConext-EngineBlock 5.7.3 Cross Site Scripting | 14.07.2018 | Andrew Klaus |
| Low | AT&T Bizcircle Cross Site Scripting | 12.07.2018 | Benjamin Kunz Mejri |
| High | WAGO e!DISPLAY 7300T XSS / File Upload / Code Execution | 12.07.2018 | T. Weber |
| Low | ASUS WRT-AC66U 3.x Cross Site Scripting | 12.07.2018 | Vulnerability Lab |
| Low | Barracuda ADC 5.x - Filter Bypass & Persistent Validation Vulnerability | 12.07.2018 | Vulnerability Lab |
| Low | İtalia Mediasky Xss Vulnerability | 10.07.2018 | indoushka |
| Low | Instagram-clone script 2.0 - Persistent cross site scripting | 08.07.2018 | L0RD |
| Low | SeoChecker 1.9.2 Cross Site Scripting | 08.07.2018 | Ahmed Elhady Mohamed |
| Low | Subrion CMS 4.2.1 Cross Site Scripting | 08.07.2018 | Ismail Tasdelen |
| Low | BD Schools xss Vulnerability | 06.07.2018 | indoushka |
| Low | Nextpost 4.1 - Cross-Site Scripting | 02.07.2018 | UltraSecurityTeam |
| Med. | OX App Suite 7.8.4 XSS / XML Injection / Information Disclosure | 02.07.2018 | Secator |
| Low | extjs getTip() Cross Site Scripting | 02.07.2018 | Daniel Fritsch |
| Low | Eden Design Xss Vulnerability | 01.07.2018 | indoushka |
| Low | ERPnext 11.x.x XSS via file uploads upload Vulnerability | 28.06.2018 | indoushka |
| Low | Digisol DG-BR4000NG Cross Site Scripting | 26.06.2018 | Adipta Basu |
| Low | bbPress 2.5.14 - Cross Site Scripting Vulnerability | 25.06.2018 | Iran Cyber Security Gr... |
| Low | CheckSec Canopy Cross Site Scripting | 20.06.2018 | ryantzj |
| Low | Samsung Web Viewer For Samsung DVR Cross Site Scripting | 14.06.2018 | Yavuz Atlas |
| Low | Canon PrintMe EFI Cross Site Scripting | 13.06.2018 | Huy Kha |
| Low | WordPress Tooltipy 5.0 Cross Site Scripting | 13.06.2018 | Tom Adams |
| Low | userSpice 4.3.24 X-Forwarded-For Cross Site Scripting | 12.06.2018 | Dolev Farhi |
| Med. | OX App Suite 7.8.4 XSS / Privilege Management / SSRF / Traversal | 12.06.2018 | Martin Heiland |
| High | ClassLink OneClick Browser Extension / Agent Universal XSS / Remote Code Execution | 12.06.2018 | EdTech Secure |
| Low | ESPN Cross Site Scripting | 12.06.2018 | Ismail Doe |
| Low | Ignite Realtime Openfire 3.7.1 Cross Site Scripting | 06.06.2018 | Yavuz Atlas |
| Low | MyBB Recent Threads 1.0 Cross Site Scripting | 05.06.2018 | 0xB9 |
| Low | EMS Master Calendar Cross Site Scripting | 05.06.2018 | Chris Barretto |
| Low | AXON PBX 2.02 Cross Site Scripting | 01.06.2018 | Himanshu Mehta |
| Low | PageKit CMS 1.0.13 Cross Site Scripting | 01.06.2018 | Jason Perry |
| Low | Brother HL-L2340D / HL-L2380DW Cross Site Scripting | 01.06.2018 | Huy Kha |
| Med. | CSV Import And Export 1.1.0 Cross Site Scripting / SQL Injection | 01.06.2018 | Kagan Capar |
| Med. | New STAR 2.1 Cross Site Scripting / SQL Injection | 01.06.2018 | Kagan Capar |
| Low | Software Advice 1.0 Cross Site Scripting | 31.05.2018 | Ismail Tasdelen |
| Low | Designed by ATOM STUDIO XSS Vulnerability | 30.05.2018 | Bl4ck M4n |
| Low | Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting | 28.05.2018 | Yavuz Atlas |
| Med. | SAP Internet Transaction Server 6200.x Session Fixation / Cross Site Scripting | 28.05.2018 | J. Carillo Lencina |
| Low | EasyService Billing 1.0 Cross-Site Scripting | 28.05.2018 | Divya Jain |
| Low | MyBB Moderator Log Notes 1.1 Cross Site Scripting | 27.05.2018 | 0xB9 |
| Med. | MySQL Smart Reports 1.0 Cross Site Scripting / SQL Injection | 24.05.2018 | AkkuS |
| Low | Monstra CMS 3.0.4 Reflected XSS | 21.05.2018 | Ismail Tasdelen |
| Low | Monstra CMS 3.0.4 Stored XSS | 21.05.2018 | Ismail Tasdelen |
| Med. | Joomla EkRishta 2.10 Cross Site Scripting / SQL Injection | 21.05.2018 | Sina Kheirkhah |
| Low | Healwire Online Pharmacy 3.0 Cross Site Request Forgery / Cross Site Scripting | 19.05.2018 | Borna Nematzadeh |
| Low | Siemens SIMATIC Panels Cross Site Request Forgery / Cross Site Scripting | 19.05.2018 | t4rkd3vilz |
| Low | Rockwell Scada System 27.011 Cross Site Scripting | 18.05.2018 | t4rkd3vilz |


CVEMAP Search Results

| Date | Risk | CVE | Vendor | Software | Description |
|------|------|-----|--------|----------|-------------|
| 2018-09-07 | Low | CVE-2018-0654 | Weseek | Growi | Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating Wiki page. |
| 2018-09-07 | Low | CVE-2018-0653 | Weseek | Growi | Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view. |
| 2018-09-07 | Low | CVE-2018-0652 | Weseek | Growi | Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page. |
| 2018-09-07 | Low | CVE-2017-1114 | IBM | Campaign | IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121152. |
| 2018-09-07 | Low | CVE-2018-0655 | Weseek | Growi | Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page. |
| 2018-07-27 | Low | CVE-2017-7463 | Redhat | Jboss bpm suite | JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user. |
| 2018-07-27 | Low | CVE-2017-2674 | Redhat | Jboss bpm suite | JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly sanitized before showing to other users, including admins. |
| 2018-07-26 | Low | CVE-2017-7535 | Theforeman | Foreman | foreman before version 1.16.0 is vulnerable to a stored XSS in organizations/locations assignment to hosts. Exploiting this requires a user to actively assign hosts to an organization that contains html in its name which is visible to the user prior to taking action. |
| 2018-07-26 | Low | CVE-2018-14606 | Gitlab | Gitlab | An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion. |
| 2018-07-26 | Low | CVE-2017-7538 | Redhat | Satellite | A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users. |


Copyright 2018, cxsecurity.com