The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2018-20136 | XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI. | LOW | Dec 13, 2018 | n/a |
| CVE-2018-20137 | XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI. | LOW | Dec 13, 2018 | n/a |
| CVE-2018-19649 | XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). VPortal/mgtconsole/RolePermissions.jsp has reflected XSS via the ConnPoolName parameter. | MEDIUM | Dec 17, 2018 | n/a |
| CVE-2020-23644 | XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php. | MEDIUM | Jan 13, 2021 | n/a |
| CVE-2020-23643 | XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php. | MEDIUM | Jan 13, 2021 | n/a |
| CVE-2019-6278 | XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option. | LOW | Jan 14, 2019 | n/a |
| CVE-2019-18883 | XSS exists in Lavalite CMS 5.7 via the admin/profile name or designation field. | MEDIUM | Nov 14, 2019 | n/a |
| CVE-2017-12648 | XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL. | Medium | Aug 9, 2017 | n/a |
| CVE-2016-10404 | XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp. | Medium | Aug 9, 2017 | n/a |
| CVE-2017-12649 | XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display. | Medium | Aug 9, 2017 | n/a |
| CVE-2017-12647 | XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title. | Medium | Aug 9, 2017 | n/a |
| CVE-2017-12646 | XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address. | Medium | Aug 9, 2017 | n/a |
| CVE-2017-12645 | XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId. | Medium | Aug 9, 2017 | n/a |
| CVE-2023-46287 | XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php. | -- | Oct 20, 2023 | n/a |
| CVE-2017-15305 | XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php. | MEDIUM | Oct 14, 2017 | n/a |
| CVE-2019-13564 | XSS exists in Ping Identity Agentless Integration Kit before 1.5. | MEDIUM | Jul 12, 2019 | n/a |
| CVE-2020-14073 | XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access. | LOW | Jun 26, 2020 | n/a |
| CVE-2019-7420 | XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in \"/sws.application/information/networkinformationView.sws\" in the tabName parameter. | MEDIUM | Mar 26, 2019 | n/a |
| CVE-2019-7421 | XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in \"/sws.login/gnb/loginView.sws\" in multiple parameters: contextpath and basedURL. | MEDIUM | Mar 26, 2019 | n/a |
| CVE-2019-7419 | XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in \"/sws/leftmenu.sws\" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title. | MEDIUM | Mar 26, 2019 | n/a |
| CVE-2019-7418 | XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in \"/sws/swsAlert.sws\" in multiple parameters: flag, frame, func, and Nfunc. | MEDIUM | Mar 26, 2019 | n/a |
| CVE-2019-12313 | XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element. | MEDIUM | May 28, 2019 | n/a |
| CVE-2018-19614 | XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers. | MEDIUM | May 24, 2019 | n/a |
| CVE-2019-11543 | XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1. | MEDIUM | Apr 29, 2019 | n/a |
| CVE-2018-19439 | XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter. | MEDIUM | Dec 13, 2018 | n/a |
| CVE-2017-17059 | XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php. | MEDIUM | Nov 29, 2017 | n/a |
| CVE-2017-7257 | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 Content-->News-->Add Article feature via the m1_content parameter. Someone must login to conduct the attack. | LOW | Mar 24, 2017 | n/a |
| CVE-2017-7256 | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 Content-->News-->Add Article feature via the m1_summary parameter. Someone must login to conduct the attack. | LOW | Mar 24, 2017 | n/a |
| CVE-2017-7255 | XSS exists in the CMS Made Simple (CMSMS) 2.1.6 Content-->News-->Add Article feature via the m1_title parameter. Someone must login to conduct the attack. | LOW | Mar 24, 2017 | n/a |
| CVE-2017-15380 | XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter. | MEDIUM | Oct 23, 2017 | n/a |
| CVE-2019-12741 | XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. (This module is not generally used in production systems so the attack surface is expected to be low, but affected systems are recommended to upgrade immediately.) | MEDIUM | Jun 6, 2019 | n/a |
| CVE-2019-12345 | XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. | MEDIUM | May 28, 2019 | n/a |
| CVE-2017-0378 | XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php. | MEDIUM | Jul 20, 2017 | n/a |
| CVE-2018-18374 | XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter. | LOW | Oct 15, 2018 | n/a |
| CVE-2020-26120 | XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery\'s parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM. | MEDIUM | Oct 5, 2020 | n/a |
| CVE-2018-18276 | XSS exists in the ProFiles 1.5 component for Joomla! via the name or path parameter when creating a new folder in the administrative panel. | LOW | Apr 27, 2019 | n/a |
| CVE-2020-8498 | XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability). | LOW | Feb 3, 2020 | n/a |
| CVE-2015-9270 | XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter. | MEDIUM | Oct 1, 2018 | n/a |
| CVE-2018-18017 | XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. | MEDIUM | Apr 15, 2019 | n/a |
| CVE-2018-18019 | XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter. | MEDIUM | Oct 6, 2018 | n/a |
| CVE-2020-12635 | XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field. | MEDIUM | Jul 6, 2020 | n/a |
| CVE-2018-18460 | XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request. | MEDIUM | Oct 18, 2018 | n/a |
| CVE-2018-18082 | XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI. | MEDIUM | Oct 9, 2018 | n/a |
| CVE-2019-14427 | XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code. | MEDIUM | Aug 26, 2019 | n/a |
| CVE-2020-12670 | XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email. | MEDIUM | Oct 16, 2020 | n/a |
| CVE-2018-17832 | XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter. | MEDIUM | Oct 3, 2018 | n/a |
| CVE-2019-9107 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php. | MEDIUM | Mar 20, 2019 | n/a |
| CVE-2019-9110 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php. | MEDIUM | Mar 20, 2019 | n/a |
| CVE-2019-9108 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] to coreframe/app/core/map.php. | MEDIUM | Mar 20, 2019 | n/a |
| CVE-2019-9109 | XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php. | MEDIUM | Mar 20, 2019 | n/a |
