Vulnerabilities (CVE)

Filtered by CWE-79
Total 36952 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-7405 1 Zohocorp 1 Manageengine Eventlog Analyzer 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-7355 1 Zte 4 Mf65, Mf65 Firmware, Mf65m1 and 1 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices.
CVE-2018-7303 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 3.5 LOW 5.4 MEDIUM
The Calendar component in Tiki 17.1 allows HTML injection.
CVE-2018-7302 1 Tiki 1 Tiki 2024-11-21 3.5 LOW 5.4 MEDIUM
Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS.
CVE-2018-7290 1 Tiki 1 Tikiwiki Cms\/groupware 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1.
CVE-2018-7280 1 Ninjaforms 1 Ninja Forms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The Ninja Forms plugin before 3.2.14 for WordPress has XSS.
CVE-2018-7278 1 Rletech 4 Fds-pc, Fds-pc-dp, Fds-pc-dp Firmware and 1 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP.
CVE-2018-7277 1 Rletech 4 Fds-wi, Fds-wi Firmware, Wi-mgr and 1 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP.
CVE-2018-7274 1 Quarx Cms Project 1 Quarx Cms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name).
CVE-2018-7265 1 Shimmie2 Project 1 Shimmie2 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that enables stored XSS.
CVE-2018-7261 1 Radiantcms 1 Radiant Cms 2024-11-21 3.5 LOW 5.4 MEDIUM
There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields).
CVE-2018-7260 1 Phpmyadmin 1 Phpmyadmin 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2018-7205 1 Kentico 1 Kentico Cms 2024-11-21 3.5 LOW 4.8 MEDIUM
Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design" screens. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout
CVE-2018-7203 1 Lynxtechnology 1 Twonky Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all.
CVE-2018-7202 1 Projectsend 1 Projectsend 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page.
CVE-2018-7198 1 Octobercms 1 October 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.
CVE-2018-7197 1 Pluck-cms 1 Pluck 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL.
CVE-2018-7196 1 Osticket 1 Osticket 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter.
CVE-2018-7193 1 Osticket 1 Osticket 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter.
CVE-2018-7192 1 Osticket 1 Osticket 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter.