CVE-2018-18087

The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/$projecttitle...

CVE-2018-16622

Multiple cross-site scripting XSS vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the 1 discription or 2 comments field, related to users/userAddContent...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the 1 discription or 2 comments field, related to users/userAddContent...

Matera Banco Cross-Site Scripting Vulnerability

Matera Banco is a financial management system. A cross-site scripting vulnerability exists in Matera Banco version 1.0.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

QCMS Cross-Site Scripting Vulnerability (CNVD-2019-10281)

QCMS is an open source content management system CMS for creating responsive websites. A cross-site scripting vulnerability exists in upload/System/Controller/backend/news.php in QCMS 3.0.1, which can be exploited by remote attackers to inject arbitrary web script or HTML...

QCMS Cross-Site Scripting Vulnerability (CNVD-2019-10280)

QCMS is an open source content management system CMS for creating responsive websites. A cross-site scripting vulnerability exists in upload/System/Controller/backend/album.php in QCMS 3.0.1, which can be exploited by remote attackers to inject arbitrary web script or HTML...

MODX Revolution Cross-Site Scripting Vulnerability (CNVD-2018-13269)

MODX Revolution is a PHP-based open source content management system CMS from the U.S. company MODX. The system supports online collaboration, search engine optimization SEO, add-ons and more. A cross-site scripting vulnerability exists in MODX Revolution version 2.6.3. A remote attacker can...

IceWarp Mail Server Cross-Site Script Injection Vulnerability

IceWarp Mail Server is a mail server product from IceWarp USA. The product supports email archiving, SmartAttach attachments, automatic migration and more. A cross-site scripting vulnerability exists in webdav/ticket/ URIs in IceWarp Mail Server version 12.0.3. A remote attacker can exploit this...

mao10cms Cross-site Script Injection Vulnerability

mao10cms is an open source content management system CMS developed using the PHP language. A cross-site scripting vulnerability exists in mao10cms version 6. Attackers can use the article page to inject arbitrary Web script or HTML...

connect cross-site scripting vulnerability

connect is an extended HTTP server framework for use in Node.js. A cross-site scripting vulnerability exists in versions of connect prior to 2.14.0, which stems from the program's lack of validation of files in the directory js middleware. This vulnerability can be exploited to inject arbitrary w...

Hue Cross-Site Scripting Vulnerability

Hue is an open source web interface for Apache Hadoop data analysis. A cross-site scripting vulnerability exists in Hue version 3.12. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

Severalnines ClusterControl Cross-Site Scripting Vulnerability

Severalnines ClusterControl is an open source database management system. The system can be used to deploy , manage , monitor and scale the database . A cross-site scripting vulnerability exists in versions prior to Severalnines ClusterControl 1.6.0-4699. A remote attacker can exploit this...

CVE-2018-10165

Stored Cross-site scripting XSS vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version...

Mediawiki cross-site scripting vulnerability (CNVD-2018-08932)

MediaWiki is a free and free web-based Wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers, which can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in the...

CVE-2018-10571

Multiple reflected cross-site scripting XSS vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the 1 patient parameter to interface/main/finder/findernavigation.php; 2 key parameter to interface/billing/getclaimfile.php; 3 formid or 4 formseq...

PT-2018-9818 · Wuzhi · Wuzhi Cms

Name of the Vulnerable Software and Affected Versions: WUZHI CMS version 4.1.0 Description: A persistent XSS issue allows remote attackers to inject arbitrary web script or HTML via the tagpinyin parameter to the "/index.php?m=tags&f=index&v=add" API endpoint. Recommendations: For WUZHI CMS versi...

CVE-2017-3964

Reflective Cross-Site Scripting XSS vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter...

Crea8Social cross-site scripting vulnerability (CNVD-2018-07588)

Crea8social is a PHP-based social networking platform developed by Nigerian software developer Tiamiyu Waliu Kola. A cross-site scripting vulnerability exists in Crea8social version 2018.2. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

CVE-2018-0511

Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118...