Total
36832 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10029 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799. | |||||
| CVE-2018-10026 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php. | |||||
| CVE-2018-10023 | 1 Catfish-cms | 1 Catfish Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Catfish CMS V4.7.21 allows XSS via the pinglun parameter to cat/index/index/pinglun (aka an authenticated comment). | |||||
| CVE-2018-10000 | 1 Videodownloaderultimate | 1 Video Downloader | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Video Downloader professional extension before 2018-04-05 for Chrome has Universal XSS (UXSS) via vectors related to a link64_msgAddLinks event. | |||||
| CVE-2018-1002009 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable. | |||||
| CVE-2018-1002008 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable. | |||||
| CVE-2018-1002007 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id. | |||||
| CVE-2018-1002006 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes | |||||
| CVE-2018-1002005 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter. | |||||
| CVE-2018-1002004 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. | |||||
| CVE-2018-1002003 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. | |||||
| CVE-2018-1002002 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. | |||||
| CVE-2018-1002001 | 1 Kibokolabs | 1 Arigato Autoresponder And Newsletter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. | |||||
| CVE-2018-1000998 | 1 Freebsd | 1 Cvsweb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x. | |||||
| CVE-2018-1000887 | 1 Peel | 1 Peel Shopping | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the "Site Name EN" parameter. This attack appears to be exploitable if the malicious user has access to the administration account. | |||||
| CVE-2018-1000870 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser. This attack appear to be exploitable via Attacker change theme parameter in user settings. Admin(Victim) views user in admin-panel and gets exploited.. This vulnerability appears to have been fixed in 1.4. | |||||
| CVE-2018-1000868 | 1 Webidsupport | 1 Webid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WeBid version up to current version 1.2.2 contains a Cross Site Scripting (XSS) vulnerability in user_login.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must click a malicous link. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f. | |||||
| CVE-2018-1000860 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 2.6 LOW | 4.7 MEDIUM |
| phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'><script>alert(1)</script>quqtl exploits an XSS vulnerability. that can result in Arbitrary code executes in victims browser.. This attack appear to be exploitable via Needs to be chained with another exploit that allows an attacker to set or modify a cookie for the phpIPAM instance's domain.. | |||||
| CVE-2018-1000856 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting (XSS) vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear to be exploitable via Victim must visit the vulnerable page. This vulnerability appears to have been fixed in No fix yet. | |||||
| CVE-2018-1000855 | 1 Basecamp | 1 Easymon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Endpoint where monitoring is mounted that can result in Reflected XSS that affects Firefox. Can be used to steal cookies, depending on the cookie settings.. This attack appear to be exploitable via The victim must click on a crafted URL that contains the XSS payload. This vulnerability appears to have been fixed in 1.4.1 and later. | |||||