• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2018-1999008

February 26, 2023 by

October CMS version prior to build 437 contains a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable via an Authenticated user with media module permission who can create arbitrary folder name (XSS). This vulnerability appears to have been fixed in build 437.

CVE-2018-1999016

February 26, 2023 by

Pydio version 8.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in ./core/vendor/meenie/javascript-packer/example-inline.php line 48; ./core/vendor/dapphp/securimage/examples/test.mysql.static.php lines: 114,118 that can result in an unauthenticated remote attacker manipulating the web client via XSS code injection. This attack appear to be exploitable via the victim openning a specially crafted URL. This vulnerability appears to have been fixed in version 8.2.1.

CVE-2018-1999021

February 26, 2023 by

Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) vulnerability in Profile page that can result in Inject arbitrary web script or HTML via the profile page editor. This attack appear to be exploitable via The victim must navigate to the attacker’s profile page.

CVE-2018-1999024

February 26, 2023 by

MathJax version prior to version 2.7.4 contains a Cross Site Scripting (XSS) vulnerability in the unicode{} macro that can result in Potentially untrusted Javascript running within a web browser. This attack appear to be exploitable via The victim must view a page where untrusted content is processed using Mathjax. This vulnerability appears to have been fixed in 2.7.4 and later.

CVE-2018-1999029

February 26, 2023 by

A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user’s browser when that other user performs some UI actions.

CVE-2018-19970

February 26, 2023 by

In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 336
  • Go to page 337
  • Go to page 338
  • Go to page 339
  • Go to page 340
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE