CWE:
 

Topic
Date
Author
Low
Yab Quarx 2.4.3 Cross Site Scripting
21.02.2018
Preethi Koroth
Low
Kentico CMS 11 Cross Site Scripting
19.02.2018
Keerati T.
Low
F-Secure Radar Cross Site Scripting
17.02.2018
Oscar Hjelm
Med.
Dell EMC Isilon OneFS XSS / Code Execution / CSRF
16.02.2018
CORE
Low
WordPress UltimateMember 2.0 Cross Site Scripting
16.02.2018
Aloyce J. Makalanga
Low
userSpice 4.3 Cross-Site Scripting
15.02.2018
Dolev Farhi
Low
LogicalDOC Enterprise 7.7.4 Reflected Cross-Site Scripting Vulnerabilities
12.02.2018
Gjoko 'LiquidWorm' Krs...
Low
Sonatype Nexus Repository Manager OSS/Pro 2.14.5 / 3.7.1 XSS
09.02.2018
SEC Consult
Low
Doctor Search Script 1.0.2 Persistent Cross-Site Scripting
08.02.2018
Prasenjit Kanti Paul
Low
Multilanguage Real Estate MLM Script Persistent Cross-Site Scripting
08.02.2018
Prasenjit Kanti Paul
Low
PHP Scripts Mall Doctor Search Script 1.0.2 Cross Site Scripting
08.02.2018
Prasenjit Kanti Paul
Low
Hot Script Clone Script Classified 3.1 Cross Site Scripting
08.02.2018
Prasenjit Kanti Paul
Low
Multilanguage Real Estate MLM Script 3.0 Cross Site Scripting
08.02.2018
Prasenjit Kanti Paul
High
Kaspersky Secure Mail Gateway 1.1.0.379 CSRF / Code Execution
07.02.2018
CORE
Low
Online food ordering platform 3.18 xss Vulnerability
05.02.2018
indoushka
Low
Streamo - Online Radio And Tv Streaming CMS XSS vulnerability
03.02.2018
indoushka
Low
Voodoo Chat 2.1.0 xss Vulnerability
02.02.2018
indoushka
Low
WordPress Propertyhive 1.4.14 Cross Site Scripting
31.01.2018
Ricardo Sanchez
Low
Persian Link cms Stored xss vulnerability
30.01.2018
IRANIAN ETHICAL HACKER...
Med.
WordPress Splashing Images 2.1 Cross Site Scripting / PHP Object Injection
30.01.2018
Nicolas Buzy-Debat
Low
Automatic Link Box CMS cross site scripting (stored) vulnerability
29.01.2018
IRANIAN ETHICAL HACKER...
Low
Flexible Poll version 1.2 XSS Vulnerability
26.01.2018
indoushka
Low
LiveCRM SaaS Cloud version 1.0 XSS Vulnerability
26.01.2018
indoushka
High
Oracle Financial Services Analytical Applications 7.3.5.x / 8.0.x XXE Injection / XSS
24.01.2018
SEC Consult
Low
CMS Made Simple 2.2.5 moduleinterface.php m1_errors Cross Site Scripting
24.01.2018
Kyaw Min Thein
Low
Acadmic Microsoft - API Query Filter Cross Site Scripting Vulnerability
22.01.2018
Vulnerability Lab
Low
CentOS Web Panel 0.9.8.12 Cross Site Scripting
22.01.2018
Vulnerability Lab
Low
Vodafone DE Cross Site Scripting
21.01.2018
Ismail Tasdelen
Low
video whisper conference XSS Vulnerability
21.01.2018
indoushka
Low
pinger XSS Vulnerability
21.01.2018
indoushka
Low
ADOdb < 4.71 Cross Site Scripting
20.01.2018
GulfTech
Low
Reservo Image Hosting Script 1.5 Cross Site Scripting
18.01.2018
Dennis Veninga
Low
SugarCRM 3.5.1 Cross Site Scripting
18.01.2018
Guilherme Assmann
Low
Doma all version xss Vulnerability
16.01.2018
indoushka
Low
ImgHosting 1.5 Cross Site Scripting
16.01.2018
Dennis Veninga
Low
Bonza Digital Cart Script version 1 XSS Vulnerability
15.01.2018
indoushka
Low
Piwigo 2.8.2 / 2.9.2 Cross Site Scripting
13.01.2018
Vulnerability Lab
Low
Joomla! Easydiscuss Cross Site Scripting
11.01.2018
Mattia Furlani
Low
WordPress MQ ReLinks 1.8 XSS / Open Redirection
11.01.2018
Ricardo Sanchez
Low
Office Tracker 11.2.5 Cross Site Scripting
09.01.2018
Nassim Asrir
Med.
AvantFAX 3.3.3 Cross Site Scripting
09.01.2018
Nassim Asrir
Low
SonicWall SonicOS NSA Web Firewall Cross Site Scripting
07.01.2018
Vulnerability Lab
Low
Gespage 7.4.8 Cross Site Scripting
07.01.2018
sysdream
Low
Grawlix 1.1.1 xss Vulnerability
05.01.2018
indoushka
Low
Your Doctor Medical And Doctor Website CMS 1.0 Cross Site Scripting
03.01.2018
ShanoWeb
Low
Ebook CMS 1.0 Cross Site Scripting
03.01.2018
ShanoWeb
Low
Career Portal 1.0 Cross Site Scripting
03.01.2018
ShanoWeb
Low
Lara Overflow 1.0 Cross Site Scripting
03.01.2018
ShanoWeb
Low
Eventsys Events Management System 1.0 Cross Site Scripting
03.01.2018
ShanoWeb
Low
Wikipedia Search Engine 1.0 Cross Site Scripting
31.12.2017
ShanoWeb
Low
Photo Fusion 1.0 Cross Site Scripting
31.12.2017
ShanoWeb
Med.
Chatting System PHP Ajax MySQL JavaScript 1.0 Cross Site Scripting
31.12.2017
ShanoWeb
Low
GoodTravel Travel And Locations 1.0 Cross Site Scripting
31.12.2017
ShanoWeb
Low
Bitcoin Cash Receive Payments 1.0 Cross Site Scripting
30.12.2017
ShanoWeb
Low
WBiz Desk 1.0 Cross Site Scripting
30.12.2017
ShanoWeb
Low
Class-Scheduling-System CMS - XSS Vulnerability
28.12.2017
9aylas
Low
Easy!Appointments v1.2.1 Multiple Stored XSS Vulnerabilities
28.12.2017
Gjoko 'LiquidWorm' Krs...
Low
XLAgenda 4.4 Xss vulnerability
27.12.2017
indoushka
Low
MyITCRM 1 0.2.9.3 XSS vulnerability
25.12.2017
indoushka
Low
mylittleforum-2.3.7 beta "mix_entry.php" XSS vulnerability
25.12.2017
indoushka
Low
codecanyon smmpanel XSS vulnerability
25.12.2017
indoushka
Low
Openupload 0.4.2 Xss vulnerability
25.12.2017
indoushka
Low
Zenbership Membership Software 107 XSS vulnerability
25.12.2017
indoushka
Low
Streamo - Online Radio And Tv Streaming CMS XSS vulnerability
24.12.2017
indoushka
Low
silverstripe v3.1.0 beta2 XSS vulnerability
24.12.2017
indoushka
Low
Seditio CMS version 1.7.5 HTML Injection vulnerability
24.12.2017
indoushka
Low
Dubai Iconcept LLC xss vulnerability
24.12.2017
indoushka
Low
ServersCheck Monitoring Software Cross Site Scripting
22.12.2017
Aloyce J. Makalanga
Low
Roommate And Real Estate Listing Classified Response 1.0 XSS
22.12.2017
ShanoWeb
Low
Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure
22.12.2017
CORE
Low
Online Hotel Booking System Pro 1.3 Cross Site Scripting
22.12.2017
ShanoWeb
Low
phpMars 1.0.9 Cross Site Scripting
22.12.2017
ShanoWeb
Low
WordPress Grifus 4.0.1 Cross Site Scripting
22.12.2017
Sajibe Kanti
Low
Ability Mail Server 3.3.2 Cross Site Scripting
21.12.2017
Aloyce J. Makalanga
Low
WordPress WebConnex Form Management 1.6.3 Cross Site Scripting
21.12.2017
Ricardo Sanchez
Low
WordPress Itinerary 1.0.0 Cross Site Scripting
21.12.2017
Ricardo Sanchez
Med.
TP-Link TL-SG108E XSS / Weak Access Control
20.12.2017
James McLean
Low
WordPress Concours 1.1 Cross Site Scripting
20.12.2017
Nicolas Buzy-Debat
Low
WordPress Custom Map 1.1 Cross Site Scripting
20.12.2017
Nicolas Buzy-Debat
Low
WordPress CSV Import-Export 1.1 Cross Site Scripting
20.12.2017
Nicolas Buzy-Debat
Low
Clockwork SMS Cross Site Scripting
19.12.2017
Elias Dimopoulos
Low
WordPress Yakadanda Google+ Hangout Events 0.3.7 XSS
19.12.2017
Ricardo Sanchez
Low
WordPress Sagepay Server Gateway For WooCommerce 1.0.7 XSS
18.12.2017
Ricardo Sanchez
Low
WordPress Wunderbar Basic 1.1.3 Cross Site Scripting
15.12.2017
Ricardo Sanchez
Low
WordPress Pinterest Badge 1.8.0 Cross Site Scripting
15.12.2017
Ricardo Sanchez
Low
WordPress WooPay Inicis 1.1.3 Cross Site Scripting
14.12.2017
Ricardo Sanchez
Low
WordPress Qiniu Cloudtuchuang 1.8 Cross Site Scripting
14.12.2017
Ricardo Sanchez
Low
WordPress WordApp Mobile 2.0.3 Cross Site Scripting
14.12.2017
Ricardo Sanchez
Low
WordPress Smart Marketing SMS And Newsletters Forms 1.1.1 XSS
06.12.2017
Ricardo Sanchez
Low
WordPress WP Mailster 1.5.4.0 Cross Site Scripting
06.12.2017
Ricardo Sanchez
Low
WordPress Z-URL Preview 1.6.1 Cross Site Scripting
06.12.2017
Ricardo Sanchez
Low
WordPress 3rd-Party Inject Results 0.2 Cross Site Scripting
06.12.2017
Ricardo Sanchez
Low
Jenkins stored cross-site scripting vulnerability
05.12.2017
Daniel Beck
Low
FortiGate SSL VPN Portal 5.x Cross Site Scripting
04.12.2017
Stefan Viehböck
High
OpenEMR 5.0.0 Command Injection / Cross Site Scripting
04.12.2017
Jasveer
Low
Mist Server v2.12 Unauthenticated Persistent XSS
01.12.2017
hyp3rlinx
Low
ZKTeco ZKTime Web 2.0.1.12280 Cross Site Scripting
01.12.2017
Himanshu Mehta
Low
CMS Made Simple 2.1.6 Cross Site Scripting / Template Injection
29.11.2017
Ziyahan Albeniz
Low
CommuniGatePro 6.1.16 Cross Site Scripting
26.11.2017
Boumediene KADDOUR
Low
earth.google.com cross site scripting
25.11.2017
Hosein)root


CVEMAP Search Results

CVE
Details
Description
2018-02-07
Low
CVE-2017-5124

Vendor: Google
Software: Chrome
 

 
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.

 
2018-02-06
Low
CVE-2018-6291

Vendor: Kaspersky
Software: Secure mail ...
 

 
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1.

 
2018-02-03
Low
CVE-2017-17703

Updating...
 

 
Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS.

 
Low
CVE-2017-8783

Updating...
 

 
Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS.

 
2018-02-02
Low
CVE-2018-6545

Vendor: Ipswitch
Software: Moveit
 

 
Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks.

 
Low
CVE-2018-6550

Vendor: Monstra
Software: Monstra
 

 
Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php.

 
Low
CVE-2017-18034

Vendor: Atlassian
Software: Crucible
 

 
The source browse resource in Atlassian FishEye and Crucible before version 4.5.1 and 4.6.0 allows allows remote attackers that have write access to an indexed repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in via a specially crafted repository branch name when trying to display deleted files of the branch.

 
Low
CVE-2017-18039

Vendor: Atlassian
Software: JIRA
 

 
The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter.

 
Low
CVE-2017-18040

Vendor: Atlassian
Software: Bamboo
 

 
The viewDeploymentVersionCommits resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.

 
Low
CVE-2017-18041

Vendor: Atlassian
Software: Bamboo
 

 
The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top