CWE:
 

Risk
Topic
Date
Author
Low
Seagate Media Server SRN21C Cross Site Scripting
20.04.2018
Yorick Koster
Low
Geist WatchDog Console 3.2.2 XSS / XML Injection / Insecure Permissions
19.04.2018
bzyo
Med.
MySQL Squid Access Report 2.1.4 Cross Site Scripting / SQL Injection
19.04.2018
Keerati T.
Low
D-Link DIR-615 Persistent Cross Site Scripting
17.04.2018
Sayan Chatterjee
Low
Joomla! Component jDownloads 3.2.58 Cross Site Scripting
17.04.2018
Sureshbabu Narvaneni
Low
Nielsen Wordpress Theme Xss Stored Exploit
14.04.2018
GIST
Low
WordPress Plugin WordPress File Upload 4.3.3 Stored XSS
11.04.2018
ManhNho
Low
OCS Inventory NG ocsreports 2.4 Cross Site Scripting
11.04.2018
Simon Bieber
Low
WordPress Activity Logs 2.4.0 Cross Site Scripting
11.04.2018
Stefan Broeder
Low
MyBB Recent Threads On Index 17.0 Cross Site Scripting
10.04.2018
Perileos
Low
Yahei PHP Prober 0.4.7 Cross Site Scripting
10.04.2018
ManhNho
Low
KYOCERA Net Admin 3.4 Multiple XSS Vulnerabilities
09.04.2018
Gjoko 'LiquidWorm' Krs...
Low
Gap Messenger Cross Site Scripting Vulnerability
09.04.2018
Milad Ahmadi
Low
Web services and hosting by ArkansasWeb.com Cross Site Scripting
09.04.2018
Mehdi Razmjoo
Low
Video Downloader Universal Cross Site Scripting
07.04.2018
Tavis Ormandy
Low
GetSimple CMS 3.3.13 Cross Site Scripting
06.04.2018
Sureshbabu Narvaneni
Low
Z-Blog 1.5.1.1740 Cross Site Scripting
06.04.2018
zzw
Low
YzmCMS 3.6 Cross Site Scripting
06.04.2018
zzw
Low
Joomla JS Jobs 1.2.0 Cross Site Scripting
06.04.2018
Sureshbabu Narvaneni
Low
MyBB Downloads 2.0.3 Cross Site Scripting
06.04.2018
0xB9
Low
Rockwell LOGIX 5324 ER Cross Site Scripting
04.04.2018
Sezai Ali HOROZOGLU
Low
EBSCO University Library System Reflected XSS
02.04.2018
Ismail Tasdelen
Low
Pwnie Express Reflected XSS
31.03.2018
Ismail Tasdelen
Low
MyBB Plugin Last Users Threads in Profile Plugin 1.2 Persistent Cross-Site Scripting
28.03.2018
0xB9
Low
AEF CMS 1.0.9 Cross Site Scripting
27.03.2018
Benjamin Kunz Mejri
Low
Weblication CMS Core And Grid 12.6.24 Cross Site Scripting
27.03.2018
Benjamin Kunz Mejri
Low
WordPress Event Manager 5.8.1.1 Cross Site Scripting
27.03.2018
Luigi Gubello
Low
Zimbra Collaboration Suite 8.7.11_GA_1854 Cross Site Scripting
27.03.2018
Securify B.V.
Low
LDAP Account Manager 6.2 Cross Site Scripting
23.03.2018
Michal Kedzior
Low
Domaintrader 2.5.3 Cross Site Scripting
23.03.2018
Uladzislau Murashka
Low
pookmail v1 Xss Vulnerability
22.03.2018
indoushka
Low
Grav CMS 1.2.4 Cross Site Scripting
21.03.2018
Kevin Locati
Low
UVA-SOM Genesis Child Framework Based on BIMS 0.0.1 || Cross Site Scripting ( XSS ) Vulnerability
20.03.2018
Elsfa7-110
Low
Cross Site Scripting ( XSS ) Vulnerability in Cognolabs CMS
18.03.2018
Mehdi Razmjoo
Med.
SecurEnvoy SecurMail 9.1.501 XSS / CSRF / Traversal
13.03.2018
Wolfgang Ettlinger
Low
Photo Sharing Script Xss Vulnerability
09.03.2018
indoushka
Low
Bravo Tejari Web Portal Cross Site Scripting
07.03.2018
Arvind V.
Low
Magento User Info Cross Site Scripting
07.03.2018
DefenseCode
Low
Magento Downloadable Products Cross Site Scripting
07.03.2018
DefenseCode
Low
Magento Product Attributes Cross Site Scripting
07.03.2018
DefenseCode
Low
Routers2 2.24 Cross Site Scripting
28.02.2018
Lorenzo Di Fuccia
Low
Doorkeeper 4.2.5 Cross Site Scripting
26.02.2018
Justin Bull
Low
Yab Quarx 2.4.3 Cross Site Scripting
21.02.2018
Preethi Koroth
Low
Kentico CMS 11 Cross Site Scripting
19.02.2018
Keerati T.
Low
F-Secure Radar Cross Site Scripting
17.02.2018
Oscar Hjelm
Med.
Dell EMC Isilon OneFS XSS / Code Execution / CSRF
16.02.2018
CORE
Low
WordPress UltimateMember 2.0 Cross Site Scripting
16.02.2018
Aloyce J. Makalanga
Low
userSpice 4.3 Cross-Site Scripting
15.02.2018
Dolev Farhi
Low
LogicalDOC Enterprise 7.7.4 Reflected Cross-Site Scripting Vulnerabilities
12.02.2018
Gjoko 'LiquidWorm' Krs...
Low
Sonatype Nexus Repository Manager OSS/Pro 2.14.5 / 3.7.1 XSS
09.02.2018
SEC Consult
Low
Doctor Search Script 1.0.2 Persistent Cross-Site Scripting
08.02.2018
Prasenjit Kanti Paul
Low
Multilanguage Real Estate MLM Script Persistent Cross-Site Scripting
08.02.2018
Prasenjit Kanti Paul
Low
PHP Scripts Mall Doctor Search Script 1.0.2 Cross Site Scripting
08.02.2018
Prasenjit Kanti Paul
Low
Hot Script Clone Script Classified 3.1 Cross Site Scripting
08.02.2018
Prasenjit Kanti Paul
Low
Multilanguage Real Estate MLM Script 3.0 Cross Site Scripting
08.02.2018
Prasenjit Kanti Paul
High
Kaspersky Secure Mail Gateway 1.1.0.379 CSRF / Code Execution
07.02.2018
CORE
Low
Online food ordering platform 3.18 xss Vulnerability
05.02.2018
indoushka
Low
Streamo - Online Radio And Tv Streaming CMS XSS vulnerability
03.02.2018
indoushka
Low
Voodoo Chat 2.1.0 xss Vulnerability
02.02.2018
indoushka
Low
WordPress Propertyhive 1.4.14 Cross Site Scripting
31.01.2018
Ricardo Sanchez
Low
Persian Link cms Stored xss vulnerability
30.01.2018
IRANIAN ETHICAL HACKER...
Med.
WordPress Splashing Images 2.1 Cross Site Scripting / PHP Object Injection
30.01.2018
Nicolas Buzy-Debat
Low
Automatic Link Box CMS cross site scripting (stored) vulnerability
29.01.2018
IRANIAN ETHICAL HACKER...
Low
Flexible Poll version 1.2 XSS Vulnerability
26.01.2018
indoushka
Low
LiveCRM SaaS Cloud version 1.0 XSS Vulnerability
26.01.2018
indoushka
High
Oracle Financial Services Analytical Applications 7.3.5.x / 8.0.x XXE Injection / XSS
24.01.2018
SEC Consult
Low
CMS Made Simple 2.2.5 moduleinterface.php m1_errors Cross Site Scripting
24.01.2018
Kyaw Min Thein
Low
Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability
22.01.2018
Vulnerability Lab
Low
CentOS Web Panel 0.9.8.12 Cross Site Scripting
22.01.2018
Vulnerability Lab
Low
Vodafone DE Multiple Vulns.
21.01.2018
Ismail Tasdelen
Low
video whisper conference XSS Vulnerability
21.01.2018
indoushka
Low
pinger XSS Vulnerability
21.01.2018
indoushka
Low
ADOdb < 4.71 Cross Site Scripting
20.01.2018
GulfTech
Low
Reservo Image Hosting Script 1.5 Cross Site Scripting
18.01.2018
Dennis Veninga
Low
SugarCRM 3.5.1 Cross Site Scripting
18.01.2018
Guilherme Assmann
Low
Doma all version xss Vulnerability
16.01.2018
indoushka
Low
ImgHosting 1.5 Cross Site Scripting
16.01.2018
Dennis Veninga
Low
Bonza Digital Cart Script version 1 XSS Vulnerability
15.01.2018
indoushka
Low
Piwigo 2.8.2 / 2.9.2 Cross Site Scripting
13.01.2018
Vulnerability Lab
Low
Joomla! Easydiscuss Cross Site Scripting
11.01.2018
Mattia Furlani
Low
WordPress MQ ReLinks 1.8 XSS / Open Redirection
11.01.2018
Ricardo Sanchez
Low
Office Tracker 11.2.5 Cross Site Scripting
09.01.2018
Nassim Asrir
Med.
AvantFAX 3.3.3 Cross Site Scripting
09.01.2018
Nassim Asrir
Low
SonicWall SonicOS NSA Web Firewall Cross Site Scripting
07.01.2018
Vulnerability Lab
Low
Gespage 7.4.8 Cross Site Scripting
07.01.2018
sysdream
Low
Grawlix 1.1.1 xss Vulnerability
05.01.2018
indoushka
Low
Your Doctor Medical And Doctor Website CMS 1.0 Cross Site Scripting
03.01.2018
ShanoWeb
Low
Ebook CMS 1.0 Cross Site Scripting
03.01.2018
ShanoWeb
Low
Career Portal 1.0 Cross Site Scripting
03.01.2018
ShanoWeb
Low
Lara Overflow 1.0 Cross Site Scripting
03.01.2018
ShanoWeb
Low
Eventsys Events Management System 1.0 Cross Site Scripting
03.01.2018
ShanoWeb
Low
Wikipedia Search Engine 1.0 Cross Site Scripting
31.12.2017
ShanoWeb
Low
Photo Fusion 1.0 Cross Site Scripting
31.12.2017
ShanoWeb
Med.
Chatting System PHP Ajax MySQL JavaScript 1.0 Cross Site Scripting
31.12.2017
ShanoWeb
Low
GoodTravel Travel And Locations 1.0 Cross Site Scripting
31.12.2017
ShanoWeb
Low
Bitcoin Cash Receive Payments 1.0 Cross Site Scripting
30.12.2017
ShanoWeb
Low
WBiz Desk 1.0 Cross Site Scripting
30.12.2017
ShanoWeb
Low
Class-Scheduling-System CMS - XSS Vulnerability
28.12.2017
9aylas
Low
Easy!Appointments v1.2.1 Multiple Stored XSS Vulnerabilities
28.12.2017
Gjoko 'LiquidWorm' Krs...
Low
XLAgenda 4.4 Xss vulnerability
27.12.2017
indoushka


CVEMAP Search Results

CVE
Details
Description
2018-04-12

Low
CVE-2018-10059
Vendor: Cacti
Software: Cacti
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.

Low
CVE-2018-10060
Vendor: Cacti
Software: Cacti
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.

Low
CVE-2018-10061
Vendor: Cacti
Software: Cacti
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).

2018-04-11

Low
CVE-2018-10029
Vendor: Cmsmadesimple
Software: Cms made simple
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799.

Low
CVE-2018-10032
Vendor: Cmsmadesimple
Software: Cms made simple
CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_version parameter.

Low
CVE-2018-10033
Vendor: Cmsmadesimple
Software: Cms made simple
CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php via the metadata parameter.

2018-04-10

Low
CVE-2018-9925
Vendor: Icmsdev
Software: ICMS
An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request.

2018-04-04

Low
CVE-2018-9307
Vendor: Dsmall project
Software: Dsmall
dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html.

2018-03-30

Low
CVE-2018-9130
Vendor: IBOS
Software: IBOS
IBOS 4.4.3 has XSS via a company full name.

Low
CVE-2018-9140
Vendor: Samsung
Software: Samsung mobile
On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747.

Copyright 2018, cxsecurity.com