Total: 36870 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2018-16342 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | ShowDoc v1.8.0 has XSS via a new page. |
CVE-2018-16330 | 1 Ipandao | 1 Editor.md | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element. |
CVE-2018-16327 | 1 Intelliants | 1 Subrion | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. |
CVE-2018-16326 | 1 Phpscriptsmall | 1 Olx Clone | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | PHP Scripts Mall Olx Clone 3.4.2 has XSS. |
CVE-2018-16325 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. |
CVE-2018-16324 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. |
CVE-2018-16316 | 1 Portainer | 1 Portainer | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field. |
CVE-2018-16313 | 1 Bludit | 1 Bludit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Bludit 2.3.4 allows XSS via a user name. |
CVE-2018-16298 | 1 1234n | 1 Minicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php?tag= XSS vulnerability for a state=delete, state=draft, or state=publish request. |
CVE-2018-16285 | 1 Userproplugin | 1 Userpro | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php. |
CVE-2018-16277 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The Image Import function in XWiki through 10.7 has XSS. |
CVE-2018-16259 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings large_feed_limit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator |
CVE-2018-16258 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-import custom_type. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator |
CVE-2018-16257 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator |
CVE-2018-16256 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via Add Filtering Options(Add Rule). NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator |
CVE-2018-16255 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=evaluate. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator |
CVE-2018-16254 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator |
CVE-2018-16250 | 1 Creatiwity | 1 Witycms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies the presence of XSS at two input points for user information, with the "first name" and "last name" parameters. |
CVE-2018-16249 | 1 B3log | 1 Symphony | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | In Symphony before 3.3.0, there is XSS in the Title under Post. The ID "articleTitle" of this is stored in the "articleTitle" JSON field, and executes a payload when accessing the /member/test/points URI, allowing remote attacks. Any Web script or HTML can be inserted by an admin-authenticated user via a crafted web site name. |
CVE-2018-16248 | 1 B3log | 1 Solo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an admin-authenticated HTTP request. |