The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2018-18209 | XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter. | MEDIUM | Oct 10, 2018 |
CVE-2018-18210 | XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter. | MEDIUM | Oct 10, 2018 |
CVE-2018-10097 | XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email_address parameter. | MEDIUM | Apr 16, 2018 |
CVE-2017-7723 | XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body. | MEDIUM | Apr 24, 2017 |
CVE-2019-7677 | XSS exists in Enphase Envoy R3.*.* via the profileName parameter to the /home URI on TCP port 8888. | Medium | Feb 11, 2019 |
CVE-2019-7417 | XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter. | MEDIUM | Mar 26, 2019 |
CVE-2018-10564 | XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. | MEDIUM | May 2, 2018 |
CVE-2018-10565 | XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7. | MEDIUM | May 2, 2018 |
CVE-2018-10568 | XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. | MEDIUM | May 2, 2018 |
CVE-2018-10566 | XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7. | MEDIUM | May 2, 2018 |
CVE-2018-10567 | XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7. | MEDIUM | May 2, 2018 |
CVE-2018-20136 | XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI. | LOW | Dec 13, 2018 |
CVE-2018-20137 | XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI. | LOW | Dec 13, 2018 |
CVE-2018-19649 | XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). VPortal/mgtconsole/RolePermissions.jsp has reflected XSS via the ConnPoolName parameter. | MEDIUM | Dec 17, 2018 |
CVE-2020-23644 | XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php. | MEDIUM | Jan 13, 2021 |
CVE-2020-23643 | XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php. | MEDIUM | Jan 13, 2021 |
CVE-2019-6278 | XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option. | LOW | Jan 14, 2019 |
CVE-2019-18883 | XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. | MEDIUM | Nov 14, 2019 |
CVE-2017-12648 | XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL. | Medium | Aug 9, 2017 |
CVE-2016-10404 | XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp. | Medium | Aug 9, 2017 |
CVE-2017-12649 | XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display. | Medium | Aug 9, 2017 |
CVE-2017-12647 | XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title. | Medium | Aug 9, 2017 |
CVE-2017-12646 | XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address. | Medium | Aug 9, 2017 |
CVE-2017-12645 | XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId. | Medium | Aug 9, 2017 |
CVE-2023-46287 | XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php. | -- | Oct 20, 2023 |
CVE-2017-15305 | XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php. | MEDIUM | Oct 14, 2017 |
CVE-2019-13564 | XSS exists in Ping Identity Agentless Integration Kit before 1.5. | MEDIUM | Jul 12, 2019 |
CVE-2020-14073 | XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access. | LOW | Jun 26, 2020 |
CVE-2019-7420 | XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter. | MEDIUM | Mar 26, 2019 |
CVE-2019-7421 | XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL. | MEDIUM | Mar 26, 2019 |
CVE-2019-7419 | XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title. | MEDIUM | Mar 26, 2019 |
CVE-2019-7418 | XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc. | MEDIUM | Mar 26, 2019 |
CVE-2019-12313 | XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element. | MEDIUM | May 28, 2019 |
CVE-2018-19614 | XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers. | MEDIUM | May 24, 2019 |
CVE-2019-11543 | XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1. | MEDIUM | Apr 29, 2019 |
CVE-2018-19439 | XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter. | MEDIUM | Dec 13, 2018 |
CVE-2017-17059 | XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php. | MEDIUM | Nov 29, 2017 |
CVE-2017-7257 | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 Content-->News-->Add Article feature via the m1_content parameter. Someone must login to conduct the attack. | LOW | Mar 24, 2017 |
CVE-2017-7256 | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 Content-->News-->Add Article feature via the m1_summary parameter. Someone must login to conduct the attack. | LOW | Mar 24, 2017 |
CVE-2017-7255 | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 Content-->News-->Add Article feature via the m1_title parameter. Someone must login to conduct the attack. | LOW | Mar 24, 2017 |
CVE-2017-15380 | XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter. | MEDIUM | Oct 23, 2017 |
CVE-2019-12741 | XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. (This module is not generally used in production systems so the attack surface is expected to be low, but affected systems are recommended to upgrade immediately.) | MEDIUM | Jun 6, 2019 |
CVE-2019-12345 | XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. | MEDIUM | May 28, 2019 |
CVE-2017-0378 | XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php. | MEDIUM | Jul 20, 2017 |
CVE-2018-18374 | XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter. | LOW | Oct 15, 2018 |
CVE-2020-26120 | XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM. | MEDIUM | Oct 5, 2020 |
CVE-2018-18276 | XSS exists in the ProFiles 1.5 component for Joomla! via the name or path parameter when creating a new folder in the administrative panel. | LOW | Apr 27, 2019 |
CVE-2020-8498 | XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability). | LOW | Feb 3, 2020 |
CVE-2015-9270 | XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter. | MEDIUM | Oct 1, 2018 |
CVE-2018-18017 | XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. | MEDIUM | Apr 15, 2019 |