CWE:
 

Risk
Topic
Date
Author
Low
MyBB New Threads 1.1 Cross Site Scripting
20.07.2018
0xB9
Low
Barracuda Cloud Control 7.1.1.003 Cross Site Scripting
19.07.2018
Vulnerability Lab
Low
Barracuda Cloud Control 3.020 Cross Site Scripting
19.07.2018
Vulnerability Lab
Low
GhostMail Filename To Link Script Insertion
19.07.2018
Vulnerability Lab
Low
Open-AudIT Community 2.1.1 Cross Site Scripting
19.07.2018
Ranjeet Jaiswal
Low
PHP Whois Script Cross Site Scripting Vulnerability
18.07.2018
IRANIAN ETHICAL HACKER...
Low
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway XSS
17.07.2018
LiquidWorm
Low
OpenConext-EngineBlock 5.7.3 Cross Site Scripting
14.07.2018
Andrew Klaus
Low
AT&T Bizcircle Cross Site Scripting
12.07.2018
Benjamin Kunz Mejri
High
WAGO e!DISPLAY 7300T XSS / File Upload / Code Execution
12.07.2018
T. Weber
Low
ASUS WRT-AC66U 3.x Cross Site Scripting
12.07.2018
Vulnerability Lab
Low
Barracuda ADC 5.x - Filter Bypass & Persistent Validation Vulnerability
12.07.2018
Vulnerability Lab
Low
İtalia Mediasky Xss Vulnerability
10.07.2018
indoushka
Low
Instagram-clone script 2.0 - Persistent cross site scripting
08.07.2018
L0RD
Low
SeoChecker 1.9.2 Cross Site Scripting
08.07.2018
Ahmed Elhady Mohamed
Low
Subrion CMS 4.2.1 Cross Site Scripting
08.07.2018
Ismail Tasdelen
Low
BD Schools xss Vulnerability
06.07.2018
indoushka
Low
Nextpost 4.1 - Cross-Site Scripting
02.07.2018
UltraSecurityTeam
Med.
OX App Suite 7.8.4 XSS / XML Injection / Information Disclosure
02.07.2018
Secator
Low
extjs getTip() Cross Site Scripting
02.07.2018
Daniel Fritsch
Low
Eden Design Xss Vulnerability
01.07.2018
indoushka
Low
ERPnext 11.x.x XSS via file uploads upload Vulnerability
28.06.2018
indoushka
Low
Digisol DG-BR4000NG Cross Site Scripting
26.06.2018
Adipta Basu
Low
bbPress 2.5.14 - Cross Site Scripting Vulnerability
25.06.2018
Iran Cyber Security Gr...
Low
CheckSec Canopy Cross Site Scripting
20.06.2018
ryantzj
Low
Samsung Web Viewer For Samsung DVR Cross Site Scripting
14.06.2018
Yavuz Atlas
Low
Canon PrintMe EFI Cross Site Scripting
13.06.2018
Huy Kha
Low
WordPress Tooltipy 5.0 Cross Site Scripting
13.06.2018
Tom Adams
Low
userSpice 4.3.24 X-Forwarded-For Cross Site Scripting
12.06.2018
Dolev Farhi
Med.
OX App Suite 7.8.4 XSS / Privilege Management / SSRF / Traversal
12.06.2018
Martin Heiland
High
ClassLink OneClick Browser Extension / Agent Universal XSS / Remote Code Execution
12.06.2018
EdTech Secure
Low
ESPN Cross Site Scripting
12.06.2018
Ismail Doe
Low
Ignite Realtime Openfire 3.7.1 Cross Site Scripting
06.06.2018
Yavuz Atlas
Low
MyBB Recent Threads 1.0 Cross Site Scripting
05.06.2018
0xB9
Low
EMS Master Calendar Cross Site Scripting
05.06.2018
Chris Barretto
Low
AXON PBX 2.02 Cross Site Scripting
01.06.2018
Himanshu Mehta
Low
PageKit CMS 1.0.13 Cross Site Scripting
01.06.2018
Jason Perry
Low
Brother HL-L2340D / HL-L2380DW Cross Site Scripting
01.06.2018
Huy Kha
Med.
CSV Import And Export 1.1.0 Cross Site Scripting / SQL Injection
01.06.2018
Kagan Capar
Med.
New STAR 2.1 Cross Site Scripting / SQL Injection
01.06.2018
Kagan Capar
Low
Software Advice 1.0 Cross Site Scripting
31.05.2018
Ismail Tasdelen
Low
Designed by ATOM STUDIO XSS Vulnerability
30.05.2018
Bl4ck M4n
Low
Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting
28.05.2018
Yavuz Atlas
Med.
SAP Internet Transaction Server 6200.x Session Fixation / Cross Site Scripting
28.05.2018
J. Carillo Lencina
Low
EasyService Billing 1.0 Cross-Site Scripting
28.05.2018
Divya Jain
Low
MyBB Moderator Log Notes 1.1 Cross Site Scripting
27.05.2018
0xB9
Med.
MySQL Smart Reports 1.0 Cross Site Scripting / SQL Injection
24.05.2018
Ozkan Mustafa Akkus
Low
Monstra CMS 3.0.4 Reflected XSS
21.05.2018
Ismail Tasdelen
Low
Monstra CMS 3.0.4 Stored XSS
21.05.2018
Ismail Tasdelen
Med.
Joomla EkRishta 2.10 Cross Site Scripting / SQL Injection
21.05.2018
Sina Kheirkhah
Low
Healwire Online Pharmacy 3.0 Cross Site Request Forgery / Cross Site Scripting
19.05.2018
Borna Nematzadeh
Low
Siemens SIMATIC Panels Cross Site Request Forgery / Cross Site Scripting
19.05.2018
t4rkd3vilz
Low
Rockwell Scada System 27.011 Cross Site Scripting
18.05.2018
t4rkd3vilz
Low
Multiplayer BlackJack Online Casino Game 2.5 Cross Site Scripting
17.05.2018
L0RD
Low
VirtueMart 3.1.14 Cross Site Scripting
17.05.2018
Mattia Furlani
Low
GD bbPress 2.5 Cross Site Scripting
15.05.2018
Luigi Gubello
High
MyBiz MyProcureNet 5.0.0 File Upload / Cross Site Scripting
15.05.2018
Fikri Fadzil
Low
Open-AudIT Community 2.2.0 Cross Site Scripting
14.05.2018
Tejesh Kolisetty
Low
Open-AudIT Professional 2.1.1 Cross Site Scripting
14.05.2018
Tejesh Kolisetty
Low
Wuzhi CMS 4.1.0 Cross Site Scripting
14.05.2018
jiguang
Low
Developed By SM SOFT TECH CMS - Cross Site Scripting
12.05.2018
mr.Gh0st N@0b
Low
MyBB Latest Posts On Profile 1.1 Cross Site Scripting
10.05.2018
0xB9
Low
phpVirtualBox 5.2 Cross Site Request Forgery / Cross Site Scripting
10.05.2018
Codex Lynx
Low
Easy Hosting Control Panel 0.37.12.b Cross Site Scripting Cookie Theft
09.05.2018
hyp3rlinx
Low
Easy Hosting Control Panel 0.37.12.b Cross Site Scripting Add FTP Account
09.05.2018
hyp3rlinx
Low
Gap messenger market section Reflected-XSS
06.05.2018
Ali Abdollahi
Med.
TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
04.05.2018
Core
Low
Flexense DiskBoss 9.1.16 Cross Site Scripting
03.05.2018
Francisco Javier Santi...
Low
marasem admin/login.asp XSS Vulnerability
30.04.2018
Bl4ck M4n
Low
Design by Chichen Cross Site Scripting
29.04.2018
Mehdi Razmjoo
Low
MyBB Threads To Link 1.3 Cross Site Scripting
28.04.2018
0xB9
Low
WordPress UK Cookie Consent 2.3.9 Cross Site Scripting
28.04.2018
B0UG
Low
October CMS User 1.4.5 Cross Site Scripting
27.04.2018
0xB9
Low
Quixplorer 2.4.1 Beta Cross Site Scripting
25.04.2018
Adriano Marcio Monteir...
Low
Monstra cms 3.0.4 Persistent Cross-Site Scripting
24.04.2018
Wenming Jiang
Low
Seagate Media Server SRN21C Cross Site Scripting
20.04.2018
Yorick Koster
Low
Geist WatchDog Console 3.2.2 XSS / XML Injection / Insecure Permissions
19.04.2018
bzyo
Med.
MySQL Squid Access Report 2.1.4 Cross Site Scripting / SQL Injection
19.04.2018
Keerati T.
Low
D-Link DIR-615 Persistent Cross Site Scripting
17.04.2018
Sayan Chatterjee
Low
Joomla! Component jDownloads 3.2.58 Cross Site Scripting
17.04.2018
Sureshbabu Narvaneni
Low
Nielsen Wordpress Theme Xss Stored Exploit
14.04.2018
GIST
Low
WordPress Plugin WordPress File Upload 4.3.3 Stored XSS
11.04.2018
ManhNho
Low
OCS Inventory NG ocsreports 2.4 Cross Site Scripting
11.04.2018
Simon Bieber
Low
WordPress Activity Logs 2.4.0 Cross Site Scripting
11.04.2018
Stefan Broeder
Low
MyBB Recent Threads On Index 17.0 Cross Site Scripting
10.04.2018
Perileos
Low
Yahei PHP Prober 0.4.7 Cross Site Scripting
10.04.2018
ManhNho
Low
KYOCERA Net Admin 3.4 Multiple XSS Vulnerabilities
09.04.2018
Gjoko 'LiquidWorm' Krs...
Low
Gap Messenger Cross Site Scripting Vulnerability
09.04.2018
Milad Ahmadi
Low
Web services and hosting by ArkansasWeb.com Cross Site Scripting
09.04.2018
Mehdi Razmjoo
Low
Video Downloader Universal Cross Site Scripting
07.04.2018
Tavis Ormandy
Low
GetSimple CMS 3.3.13 Cross Site Scripting
06.04.2018
Sureshbabu Narvaneni
Low
Z-Blog 1.5.1.1740 Cross Site Scripting
06.04.2018
zzw
Low
YzmCMS 3.6 Cross Site Scripting
06.04.2018
zzw
Low
Joomla JS Jobs 1.2.0 Cross Site Scripting
06.04.2018
Sureshbabu Narvaneni
Low
MyBB Downloads 2.0.3 Cross Site Scripting
06.04.2018
0xB9
Low
Rockwell LOGIX 5324 ER Cross Site Scripting
04.04.2018
Sezai Ali HOROZOGLU
Low
EBSCO University Library System Reflected XSS
02.04.2018
Ismail Tasdelen
Low
Pwnie Express Reflected XSS
31.03.2018
Ismail Tasdelen
Low
MyBB Plugin Last Users Threads in Profile Plugin 1.2 Persistent Cross-Site Scripting
28.03.2018
0xB9
Low
AEF CMS 1.0.9 Cross Site Scripting
27.03.2018
Benjamin Kunz Mejri


CVEMAP Search Results

CVE
Details
Description
2018-06-11
Low
CVE-2017-7839

Vendor: Mozilla
Software: Firefox
 

 
Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar. This vulnerability affects Firefox < 57.

 
Low
CVE-2017-7834

Vendor: Mozilla
Software: Firefox
 

 
A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks. This vulnerability affects Firefox < 57.

 
Low
CVE-2017-7840

Vendor: Mozilla
Software: Firefox
 

 
JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks if users were convinced to add malicious tags to bookmarks, export them, and then open the resulting file. This vulnerability affects Firefox < 57.

 
2018-06-07
Low
CVE-2018-0339

Vendor: Cisco
Software: Identity ser...
 

 
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf72309.

 
Low
CVE-2018-0149

Vendor: Cisco
Software: Integrated m...
 

 
A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive browser-based information on the affected device. Cisco Bug IDs: CSCvh12994.

 
Low
CVE-2018-0340

Vendor: Cisco
Software: Unified comm...
 

 
A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting certain malicious code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvj00512.

 
Low
CVE-2018-12043

Vendor: Getsymphony
Software: Symphony
 

 
content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page.

 
Low
CVE-2018-12047

Vendor: Ximdex
Software: Ximdex
 

 
xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12.

 
Low
CVE-2018-9177

 

 
Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen.

 
2018-06-06
Low
CVE-2018-3716

Vendor: Simplehttpserver project
Software: Simplehttpserver
 

 
The simplehttpserver node module suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names.

 

 


Copyright 2018, cxsecurity.com
