CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (Cross Site Scripting (XSS))

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2018-5715 XSS 2018-01-16 2018-01-16
0.0
None ??? ??? ??? ??? ??? ???
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).
2 CVE-2018-5712 XSS 2018-01-16 2018-01-16
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
3 CVE-2018-5704 Exec Code XSS 2018-01-16 2018-01-16
0.0
None ??? ??? ??? ??? ??? ???
Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.
4 CVE-2018-5692 XSS 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file.
5 CVE-2018-5691 XSS 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module.
6 CVE-2018-5690 XSS 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number).
7 CVE-2018-5689 XSS 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email.
8 CVE-2018-5688 XSS 2018-01-14 2018-01-14
0.0
None ??? ??? ??? ??? ??? ???
ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.
9 CVE-2018-5687 XSS 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php.
10 CVE-2018-5681 XSS 2018-01-13 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen.
11 CVE-2018-5672 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label] parameter.
12 CVE-2018-5671 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[items][field_item1][price_percent] parameter.
13 CVE-2018-5670 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php sale_conditions[count][] parameter.
14 CVE-2018-5668 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_title parameter.
15 CVE-2018-5667 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_pattern parameter.
16 CVE-2018-5666 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php bg_color parameter.
17 CVE-2018-5665 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_height parameter.
18 CVE-2018-5664 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php social_icon_1 parameter.
19 CVE-2018-5663 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php button_text_link parameter.
20 CVE-2018-5662 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php counter_title parameter.
21 CVE-2018-5661 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_width parameter.
22 CVE-2018-5660 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soon_sub_title parameter.
23 CVE-2018-5659 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soon_title parameter.
24 CVE-2018-5657 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php counter_title_icon parameter.
25 CVE-2018-5655 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter.
26 CVE-2018-5654 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREE_Access_Token parameter.
27 CVE-2018-5653 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter.
28 CVE-2018-5652 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_end parameter.
29 CVE-2018-5651 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter.
30 CVE-2018-5479 Exec Code XSS 2018-01-15 2018-01-15
0.0
None ??? ??? ??? ??? ??? ???
FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. The affected function is its search engine via the search parameter to the default URI. Since there is a user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed.
31 CVE-2018-5376 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter.
32 CVE-2018-5375 XSS 2018-01-12 2018-01-12
0.0
None ??? ??? ??? ??? ??? ???
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action.
33 CVE-2018-5370 XSS 2018-01-16 2018-01-16
0.0
None ??? ??? ??? ??? ??? ???
BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI.
34 CVE-2018-5369 XSS 2018-01-12 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/options-general.php with a lang_identificator parameter.
35 CVE-2018-5367 XSS 2018-01-12 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][post] parameter to wp-admin/options.php.
36 CVE-2018-5366 XSS 2018-01-12 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[more_languages] parameter to wp-admin/options.php.
37 CVE-2018-5365 XSS 2018-01-12 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[selector_wp_list_pages][show_selector] parameter to wp-admin/options.php.
38 CVE-2018-5364 XSS 2018-01-12 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[browser_redirect][redirect_by_language] parameter to wp-admin/options.php.
39 CVE-2018-5363 XSS 2018-01-12 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[enabled_languages][en] or wpglobus_option[enabled_languages][fr] (or any other language) parameter to wp-admin/options.php.
40 CVE-2018-5362 XSS 2018-01-12 2018-01-13
0.0
None ??? ??? ??? ??? ??? ???
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][page] parameter to wp-admin/options.php.
41 CVE-2018-5331 XSS 2018-01-10 2018-01-10
0.0
None ??? ??? ??? ??? ??? ???
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php.
42 CVE-2018-5316 XSS 2018-01-09 2018-01-09
0.0
None ??? ??? ??? ??? ??? ???
The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter.
43 CVE-2018-5312 XSS 2018-01-09 2018-01-09
0.0
None ??? ??? ??? ??? ??? ???
The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php.
44 CVE-2018-5311 XSS 2018-01-09 2018-01-09
0.0
None ??? ??? ??? ??? ??? ???
The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options[custom_css] parameter to the wp-admin/admin.php?page=tonjoo_excerpt URI.
45 CVE-2018-5293 XSS 2018-01-08 2018-01-10
0.0
None ??? ??? ??? ??? ??? ???
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page.
46 CVE-2018-5292 XSS 2018-01-08 2018-01-10
0.0
None ??? ??? ??? ??? ??? ???
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page.
47 CVE-2018-5288 XSS 2018-01-08 2018-01-10
0.0
None ??? ??? ??? ??? ??? ???
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page.
48 CVE-2018-5286 XSS 2018-01-08 2018-01-10
0.0
None ??? ??? ??? ??? ??? ???
The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page.
49 CVE-2018-5284 XSS 2018-01-08 2018-01-10
0.0
None ??? ??? ??? ??? ??? ???
The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php.
50 CVE-2018-5281 XSS 2018-01-08 2018-01-09
0.0
None ??? ??? ??? ??? ??? ???
SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens.