Vulnerabilities (CVE)

Filtered by CWE-79
Total 36824 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-11443 1 Easyservice Billing Project 1 Easyservice Billing 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0.
CVE-2018-11430 1 Moderator Log Notes Project 1 Moderator Log Notes 2024-11-21 3.5 LOW 5.4 MEDIUM
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea.
CVE-2018-11415 1 Sap 1 Internet Transaction Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product.
CVE-2018-11404 1 Domainmod 1 Domainmod 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.
CVE-2018-11403 1 Domainmod 1 Domainmod 2024-11-21 3.5 LOW 5.4 MEDIUM
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.
CVE-2018-11366 1 Loginizer 1 Loginizer 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0.
CVE-2018-11352 1 Wallabag 1 Wallabag 2024-11-21 2.1 LOW 4.0 MEDIUM
The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an administrator visits the configuration page. The vulnerability can be exploited with authentication and used to target administrators and steal their sessions.
CVE-2018-11351 1 Jirafeau 1 Jirafeau 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting (XSS) vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could be triggered without authentication, and target the administrator. The attack vectors are the Content-Type field and the filename parameter.
CVE-2018-11350 1 Jirafeau 1 Jirafeau 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Jirafeau before 3.4.1. The file "search by name" form is affected by one Cross-Site Scripting vulnerability via the name parameter.
CVE-2018-11348 1 Yunohost 1 Yunohost 2024-11-21 3.5 LOW 5.4 MEDIUM
Two XSS vulnerabilities are located in the profile edition page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application. By injecting a JavaScript payload, these flaws could be used to manipulate a user's session.
CVE-2018-11343 1 Asustor 1 Soundsgood 2024-11-21 3.5 LOW 5.4 MEDIUM
A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter.
CVE-2018-11339 1 Frappe 1 Erpnext 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment.
CVE-2018-11332 1 Clippercms 1 Clippercms 2024-11-21 3.5 LOW 4.8 MEDIUM
Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.
CVE-2018-11330 1 Pluck-cms 1 Pluck 2024-11-21 3.5 LOW 4.8 MEDIUM
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted.
CVE-2018-11328 1 Joomla 1 Joomla\! 2024-11-21 2.6 LOW 4.7 MEDIUM
An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability.
CVE-2018-11326 1 Joomla 1 Joomla\! 2024-11-21 3.5 LOW 4.8 MEDIUM
An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to a multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform a XSS attack.
CVE-2018-11317 1 Intelliants 1 Subrion 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Subrion CMS before 4.1.4 has XSS.
CVE-2018-11245 1 Misp-project 1 Misp 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes.
CVE-2018-11227 1 Monstra 1 Monstra Cms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Monstra CMS 3.0.4 and earlier has XSS via index.php.
CVE-2018-11223 1 Pandorafms 1 Artica Pandora Fms 2024-11-21 3.5 LOW 5.4 MEDIUM
XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call.