• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2018-7196

February 26, 2023 by

Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the “sort” parameter.

CVE-2018-7197

February 26, 2023 by

An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL.

CVE-2018-7198

February 26, 2023 by

October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.

CVE-2018-7202

February 26, 2023 by

An issue was discovered in ProjectSend before r1053. XSS exists in the “Name” field on the My Account page.

CVE-2018-7203

February 26, 2023 by

Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all.

CVE-2018-7205

February 26, 2023 by

** DISPUTED ** Reflected Cross-Site Scripting vulnerability in “Design” on “Edit device layout” in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the “Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design” screens. NOTE: the vendor has responded that there is intended functionality for authorized users to edit and update ascx code layout.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 260
  • Go to page 261
  • Go to page 262
  • Go to page 263
  • Go to page 264
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE