• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2018-19506

February 26, 2023 by

Zurmo 3.2.4 has XSS via an admin’s use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI.

CVE-2018-19507

February 26, 2023 by

CMSimple 4.7.5 has XSS via an admin’s use of a ?file=config&action=array URI.

CVE-2018-19508

February 26, 2023 by

CMSimple 4.7.5 has XSS via an admin’s upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI.

CVE-2018-19509

February 26, 2023 by

wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS.

CVE-2018-1951

February 26, 2023 by

IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153494.

CVE-2018-1952

February 26, 2023 by

IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153495.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 354
  • Go to page 355
  • Go to page 356
  • Go to page 357
  • Go to page 358
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE