• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2018-5306

February 26, 2023 by

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/…/index.html; (3) the filename in the “File Upload” functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.

CVE-2018-5307

February 26, 2023 by

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/…/index.html; (3) the filename in the “File Upload” functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality.

CVE-2018-5311

February 26, 2023 by

The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options[custom_css] parameter to the wp-admin/admin.php?page=tonjoo_excerpt URI.

CVE-2018-5312

February 26, 2023 by

The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php.

CVE-2018-5316

February 26, 2023 by

The “SagePay Server Gateway for WooCommerce” plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter.

CVE-2018-5249

February 26, 2023 by

Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form’s username field (aka the login parameter to the ban_canLogin function in index.php).

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 288
  • Go to page 289
  • Go to page 290
  • Go to page 291
  • Go to page 292
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE