Vulnerabilities (CVE)

CWE filter

CWE-79

Filter

9915 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-18733 1 Catfish-cms 1 Catfish Cms 2018-12-07 3.5
An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue to CVE-2018-13999.
CVE-2018-18736 1 Catfish-cms 1 Catfish Blog 2018-12-07 3.5
An XSS issue was discovered in catfish blog 2.0.33, related to "write source code."
CVE-2018-19051 1 Metinfo 1 Metinfo 2018-12-07 4.3
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter.
CVE-2018-19050 1 Metinfo 1 Metinfo 2018-12-07 4.3
MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter.
CVE-2018-19835 1 Metinfo 1 Metinfo 2018-12-07 4.3
Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter.
CVE-2018-17782 1 Mantisbt 1 Mantisbt 2018-12-07 3.5
A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a...
CVE-2018-17783 1 Mantisbt 1 Mantisbt 2018-12-07 3.5
A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a...
CVE-2018-18694 1 Monstra 1 Monstra 2018-12-06 3.5
admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote authenticated administrators to trigger stored XSS via JavaScript content in a file whose name lacks an extension. Such a file is interpreted as text/html in certain cases.
CVE-2018-15712 1 Nagios 1 Nagios Xi 2018-12-06 4.3
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php.
CVE-2018-15713 1 Nagios 1 Nagios Xi 2018-12-06 3.5
Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php.
CVE-2018-15714 1 Nagios 1 Nagios Xi 2018-12-06 4.3
Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters.
CVE-2013-2033 2 Cloudbees, Jenkins 2 Jenkins, Jenkins 2018-12-06 2.1
Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or...
CVE-2018-12246 2018-12-06 4.3
Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web...
CVE-2018-18548 1 Ajenti 1 Ajenticp 2018-12-06 4.3
ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager.
CVE-2018-18551 1 Serverscheck 1 Monitoring Software 2018-12-06 4.3
ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter,...
CVE-2018-18840 1 Sem-cms 1 Semcms 2018-12-06 3.5
XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter.
CVE-2018-18783 1 Sem-cms 1 Semcms 2018-12-06 4.3
XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter.
CVE-2018-18841 1 Sem-cms 1 Semcms 2018-12-06 3.5
XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter.
CVE-2013-2149 1 Owncloud 1 Owncloud 2018-12-06 3.5
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files.
CVE-2018-18660 1 Arcserve 1 Udp 2018-12-06 4.3
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue.