• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2018-20141

February 26, 2023 by

AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel–accessories?sort= substring.

CVE-2018-20149

February 26, 2023 by

In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data.

CVE-2018-20150

February 26, 2023 by

In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.

CVE-2018-20153

February 26, 2023 by

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS.

CVE-2018-20071

February 26, 2023 by

Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page.

CVE-2018-20101

February 26, 2023 by

The codection “Import users from CSV with meta” plugin before 1.12.1 for WordPress allows XSS via the value of a cell.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 333
  • Go to page 334
  • Go to page 335
  • Go to page 336
  • Go to page 337
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE