CWE:
 

Risk
Topic
Date
Author
Low
Academic Microsoft - API Query Filter Cross Site Scripting Vulnerability
22.01.2018
Vulnerability Lab
Low
CentOS Web Panel 0.9.8.12 Cross Site Scripting
22.01.2018
Vulnerability Lab
Low
Vodafone DE Cross Site Scripting
21.01.2018
Ismail Tasdelen
Low
video whisper conference XSS Vulnerability
21.01.2018
indoushka
Low
pinger XSS Vulnerability
21.01.2018
indoushka
Low
ADOdb < 4.71 Cross Site Scripting
20.01.2018
GulfTech
Low
Reservo Image Hosting Script 1.5 Cross Site Scripting
18.01.2018
Dennis Veninga
Low
SugarCRM 3.5.1 Cross Site Scripting
18.01.2018
Guilherme Assmann
Low
Doma all version xss Vulnerability
16.01.2018
indoushka
Low
ImgHosting 1.5 Cross Site Scripting
16.01.2018
Dennis Veninga
Low
Bonza Digital Cart Script version 1 XSS Vulnerability
15.01.2018
indoushka
Low
Piwigo 2.8.2 / 2.9.2 Cross Site Scripting
13.01.2018
Vulnerability Lab
Low
Joomla! Easydiscuss Cross Site Scripting
11.01.2018
Mattia Furlani
Low
WordPress MQ ReLinks 1.8 XSS / Open Redirection
11.01.2018
Ricardo Sanchez
Low
Office Tracker 11.2.5 Cross Site Scripting
09.01.2018
Nassim Asrir
Med.
AvantFAX 3.3.3 Cross Site Scripting
09.01.2018
Nassim Asrir
Low
SonicWall SonicOS NSA Web Firewall Cross Site Scripting
07.01.2018
Vulnerability Lab
Low
Gespage 7.4.8 Cross Site Scripting
07.01.2018
sysdream
Low
Grawlix 1.1.1 xss Vulnerability
05.01.2018
indoushka
Low
Your Doctor Medical And Doctor Website CMS 1.0 Cross Site Scripting
03.01.2018
ShanoWeb
Low
Ebook CMS 1.0 Cross Site Scripting
03.01.2018
ShanoWeb
Low
Career Portal 1.0 Cross Site Scripting
03.01.2018
ShanoWeb
Low
Lara Overflow 1.0 Cross Site Scripting
03.01.2018
ShanoWeb
Low
Eventsys Events Management System 1.0 Cross Site Scripting
03.01.2018
ShanoWeb
Low
Wikipedia Search Engine 1.0 Cross Site Scripting
31.12.2017
ShanoWeb
Low
Photo Fusion 1.0 Cross Site Scripting
31.12.2017
ShanoWeb
Med.
Chatting System PHP Ajax MySQL JavaScript 1.0 Cross Site Scripting
31.12.2017
ShanoWeb
Low
GoodTravel Travel And Locations 1.0 Cross Site Scripting
31.12.2017
ShanoWeb
Low
Bitcoin Cash Receive Payments 1.0 Cross Site Scripting
30.12.2017
ShanoWeb
Low
WBiz Desk 1.0 Cross Site Scripting
30.12.2017
ShanoWeb
Low
Class-Scheduling-System CMS - XSS Vulnerability
28.12.2017
9aylas
Low
Easy!Appointments v1.2.1 Multiple Stored XSS Vulnerabilities
28.12.2017
Gjoko 'LiquidWorm' Krs...
Low
XLAgenda 4.4 Xss vulnerability
27.12.2017
indoushka
Low
MyITCRM 1 0.2.9.3 XSS vulnerability
25.12.2017
indoushka
Low
mylittleforum-2.3.7 beta "mix_entry.php" XSS vulnerability
25.12.2017
indoushka
Low
codecanyon smmpanel XSS vulnerability
25.12.2017
indoushka
Low
Openupload 0.4.2 Xss vulnerability
25.12.2017
indoushka
Low
Zenbership Membership Software 107 XSS vulnerability
25.12.2017
indoushka
Low
Streamo - Online Radio And Tv Streaming CMS XSS vulnerability
24.12.2017
indoushka
Low
silverstripe v3.1.0 beta2 XSS vulnerability
24.12.2017
indoushka
Low
Seditio CMS version 1.7.5 HTML Injection vulnerability
24.12.2017
indoushka
Low
Dubai Iconcept LLC xss vulnerability
24.12.2017
indoushka
Low
ServersCheck Monitoring Software Cross Site Scripting
22.12.2017
Aloyce J. Makalanga
Low
Roommate And Real Estate Listing Classified Response 1.0 XSS
22.12.2017
ShanoWeb
Low
Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure
22.12.2017
CORE
Low
Online Hotel Booking System Pro 1.3 Cross Site Scripting
22.12.2017
ShanoWeb
Low
phpMars 1.0.9 Cross Site Scripting
22.12.2017
ShanoWeb
Low
WordPress Grifus 4.0.1 Cross Site Scripting
22.12.2017
Sajibe Kanti
Low
Ability Mail Server 3.3.2 Cross Site Scripting
21.12.2017
Aloyce J. Makalanga
Low
WordPress WebConnex Form Management 1.6.3 Cross Site Scripting
21.12.2017
Ricardo Sanchez
Low
WordPress Itinerary 1.0.0 Cross Site Scripting
21.12.2017
Ricardo Sanchez
Med.
TP-Link TL-SG108E XSS / Weak Access Control
20.12.2017
James McLean
Low
WordPress Concours 1.1 Cross Site Scripting
20.12.2017
Nicolas Buzy-Debat
Low
WordPress Custom Map 1.1 Cross Site Scripting
20.12.2017
Nicolas Buzy-Debat
Low
WordPress CSV Import-Export 1.1 Cross Site Scripting
20.12.2017
Nicolas Buzy-Debat
Low
Clockwork SMS Cross Site Scripting
19.12.2017
Elias Dimopoulos
Low
WordPress Yakadanda Google+ Hangout Events 0.3.7 XSS
19.12.2017
Ricardo Sanchez
Low
WordPress Sagepay Server Gateway For WooCommerce 1.0.7 XSS
18.12.2017
Ricardo Sanchez
Low
WordPress Wunderbar Basic 1.1.3 Cross Site Scripting
15.12.2017
Ricardo Sanchez
Low
WordPress Pinterest Badge 1.8.0 Cross Site Scripting
15.12.2017
Ricardo Sanchez
Low
WordPress WooPay Inicis 1.1.3 Cross Site Scripting
14.12.2017
Ricardo Sanchez
Low
WordPress Qiniu Cloudtuchuang 1.8 Cross Site Scripting
14.12.2017
Ricardo Sanchez
Low
WordPress WordApp Mobile 2.0.3 Cross Site Scripting
14.12.2017
Ricardo Sanchez
Low
WordPress Smart Marketing SMS And Newsletters Forms 1.1.1 XSS
06.12.2017
Ricardo Sanchez
Low
WordPress WP Mailster 1.5.4.0 Cross Site Scripting
06.12.2017
Ricardo Sanchez
Low
WordPress Z-URL Preview 1.6.1 Cross Site Scripting
06.12.2017
Ricardo Sanchez
Low
WordPress 3rd-Party Inject Results 0.2 Cross Site Scripting
06.12.2017
Ricardo Sanchez
Low
Jenkins stored cross-site scripting vulnerability
05.12.2017
Daniel Beck
Low
FortiGate SSL VPN Portal 5.x Cross Site Scripting
04.12.2017
Stefan Viehböck
High
OpenEMR 5.0.0 Command Injection / Cross Site Scripting
04.12.2017
Jasveer
Low
Mist Server v2.12 Unauthenticated Persistent XSS
01.12.2017
hyp3rlinx
Low
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Scripting
01.12.2017
Himanshu Mehta
Low
CMS Made Simple 2.1.6 Cross Site Scripting / Template Injection
29.11.2017
Ziyahan Albeniz
Low
CommuniGatePro 6.1.16 Cross Site Scripting
26.11.2017
Boumediene KADDOUR
Low
earth.google.com cross site scripting
25.11.2017
Hosein)root
Low
WordPress Breezing Forms 1.2.7.42 Cross Site Scripting
22.11.2017
Ricardo Sanchez
Low
MyTy 5.1.7 Cross Site Scripting
22.11.2017
Nicolas Heiniger
Low
WordPress Emag Marketplace Connector 1.0 Cross Site Scripting
21.11.2017
Ricardo Sanchez
Low
WordPress Advanced Post Type Ratings 1.1 Cross Site Scripting
21.11.2017
Ricardo Sanchez
Low
MyBB 1.8.13 Cross-Site Scripting
21.11.2017
Pablo Sacristan
Low
wp-sms "page" Parameter Cross Site Scripting
21.11.2017
Ali Alizadeh Asl
Med.
Siemens SICAM RTUs SM-2556 COM Modules XSS / Bypass / Code Execution
17.11.2017
SEC Consult
Low
TP-Link TL-WR740N Cross-Site Scripting
17.11.2017
bl00dy
Low
LanSweeper 6.0.100.75 Cross-Site Scripting
17.11.2017
Miguel Mendez Z
Low
Vonage VDV23 Cross-Site Scripting
17.11.2017
Nu11By73
Low
CA Identity Governance 12.6 Cross Site Scripting
16.11.2017
Kevin Kotas
Low
WordPress DFD Reddcoin Tips 1.1.1 Cross Site Scripting
15.11.2017
Ricardo Sanchez
Low
Allworx Server Manager 6x / 6x12 / 48x Cross Site Scripting
15.11.2017
Gjoko 'LiquidWorm' Krs...
Low
Kirby CMS < 2.5.7 Cross-Site Scripting
15.11.2017
Ishaq Mohammed
Low
WordPress Affiliate Ads For Clickbank Products 1.3 XSS
15.11.2017
Ricardo Sanchez
Low
WordPress AMP Toolbox 1.9.4 Cross Site Scripting
15.11.2017
Ricardo Sanchez
Low
WordPress Boozang 1.0.0 Cross Site Scripting
14.11.2017
Ricardo Sanchez
Low
KirbyCMS Cross Site Scripting
14.11.2017
Ishaq Mohammed
Low
Monstra CMS 3.0.4 Cross Site Scripting
14.11.2017
Ashiyane Digital secur...
Low
WordPress Cartogiraffe Map 1.0 Cross Site Scripting
14.11.2017
Ricardo Sanchez
Low
WordPress Appointments 2.2.2.2 Cross Site Scripting
14.11.2017
Ricardo Sanchez
Low
Vtwo cms Cross Site Scripting(Reflected) vulnerability
13.11.2017
IRANIAN ETHICAL HACKER...
Low
HindSoft Technology Cross Site Scripting
11.11.2017
SonnySpooks
Low
WordPress Secure HTML5 Video Player 3.14 Cross Site Scripting
10.11.2017
Ricardo Sanchez
Low
WordPress Ultimate Instagram Feed 1.2 Cross Site Scripting
09.11.2017
OmarK


CVEMAP Search Results

CVE
Details
Description
2018-01-08
Low
CVE-2018-5286

Vendor: Gd rating system project
Software: Gd rating system
 

 
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page.

 
Low
CVE-2018-5288

Vendor: Gd rating system project
Software: Gd rating system
 

 
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page.

 
Low
CVE-2018-5292

Vendor: Gd rating system project
Software: Gd rating system
 

 
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page.

 
Low
CVE-2018-5293

Vendor: Gd rating system project
Software: Gd rating system
 

 
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.

 
2018-01-05
Low
CVE-2018-5249

Vendor: Shaarli project
Software: Shaarli
 

 
Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php).

 
2018-01-04
Low
CVE-2018-1190

Vendor: Pivotal
Software: Cf-release
 

 
An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. A cross-site scripting (XSS) attack is possible in the clientId parameter of a request to the UAA OpenID Connect check session iframe endpoint used for single logout session management.

 
Low
CVE-2017-17837

Vendor: Apache
Software: Deltaspike
 

 
The Apache DeltaSpike-JSF 1.8.0 module has an XSS injection leak in the windowId handling. The default size of the windowId gets cut off after 10 characters (by default), so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1.

 
Low
CVE-2017-1673

Vendor: IBM
Software: Security key...
 

 
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133640.

 
Low
CVE-2018-5212

Vendor: Simple download monitor project
Software: Simple downl...
 

 
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php.

 
Low
CVE-2018-5213

Vendor: Simple download monitor project
Software: Simple downl...
 

 
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php.

 

 


Copyright 2018, cxsecurity.com

 
