• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2018-11558

February 26, 2023 by

DomainMod 4.10.0 has Stored XSS in the “/settings/profile/index.php” new_first_name parameter.

CVE-2018-11559

February 26, 2023 by

DomainMod 4.10.0 has Stored XSS in the “/settings/profile/index.php” new_last_name parameter.

CVE-2018-11562

February 26, 2023 by

An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter.

CVE-2018-11564

February 26, 2023 by

Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to “/storage/poc.svg” that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger a XSS attack.

CVE-2018-11568

February 26, 2023 by

Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the ” characters have < and > representations.

CVE-2018-11572

February 26, 2023 by

ClipperCMS 1.3.3 has XSS in the “Module name” field in a “Modules -> Manage modules -> edit” action to the manager/ URI.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 510
  • Go to page 511
  • Go to page 512
  • Go to page 513
  • Go to page 514
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE