• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2018-7476

February 26, 2023 by

controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a ” character.

CVE-2018-7405

February 26, 2023 by

Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2018-7427

February 26, 2023 by

Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2018-7447

February 26, 2023 by

** DISPUTED ** mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The ‘Title’ and ‘Subtitle’ fields of the ‘Blog’ page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability because the fields claimed to be vulnerable to XSS are only available to administrators who are supposed to have access to add scripts.

CVE-2018-7302

February 26, 2023 by

Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS.

CVE-2018-7303

February 26, 2023 by

The Calendar component in Tiki 17.1 allows HTML injection.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 257
  • Go to page 258
  • Go to page 259
  • Go to page 260
  • Go to page 261
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE