CVE-2018-14922

Multiple cross-site scripting XSS vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the 1 first name or 2 last name field in the edit profile page...

CVE-2018-14503

Cross-site scripting XSS vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter...

CVE-2018-14503

Cross-site scripting XSS vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter...

CVE-2018-15169

A reflected Cross-site scripting XSS vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter...

Samsung Syncthru Web Service Multiple Vulnerabilities (Jul 2018)

Samsung Syncthru Web Service is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2018-12944

Persistent Cross-Site Scripting XSS vulnerability in the "Categories" feature in SeedDMS formerly LetoDMS and MyDMS before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the name field...

GHSA-G8Q2-24JH-5HPC High severity vulnerability that affects jquery-ui

Withdrawn, accidental duplicate publish. Cross-site scripting XSS vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function...

CVE-2018-0618

Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2018-0618

Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2018-0618

Removed by vendor...

CVE-2018-0618

Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name...

CVE-2018-14493

Cross-site scripting XSS vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name...

CVE-2018-14493

Cross-site scripting XSS vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name...

CVE-2018-14493

Cross-site scripting XSS vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name...

feedparser Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI...

CVE-2018-1999021

Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting XSS vulnerability in Profile page that can result in Inject arbitrary web script or HTML via the profile page editor. This attack appear to be exploitable via The victim must navigate to the attacker's profile page...

Cross site scripting

An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the formnickname parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server"...

Cross-site scripting in django

Cross-site scripting XSS vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload...

Cross site scripting

Multiple Persistent cross-site scripting XSS issues in the Techotronic all-in-one-favicon aka All In One Favicon plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text...