• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2018-19835

February 26, 2023 by

Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter.

CVE-2018-19836

February 26, 2023 by

In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter.

CVE-2018-1984

February 26, 2023 by

IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154137.

CVE-2018-19782

February 26, 2023 by

Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter.

CVE-2018-19785

February 26, 2023 by

PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php.

CVE-2018-19787

February 26, 2023 by

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by “j a v a s c r i p t:” in Internet Explorer. This is a similar issue to CVE-2014-3146.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 344
  • Go to page 345
  • Go to page 346
  • Go to page 347
  • Go to page 348
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE