• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2018-1155

February 26, 2023 by

In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue.

CVE-2018-1147

February 26, 2023 by

In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user’s browser session. In other scenarios, XSS could also occur by altering variables from the Advanced Settings.

CVE-2018-11471

February 26, 2023 by

Cockpit 0.5.5 has XSS via a collection, form, or region.

CVE-2018-11472

February 26, 2023 by

Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).

CVE-2018-11473

February 26, 2023 by

Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).

CVE-2018-11485

February 26, 2023 by

The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admin page. The attack is possible by modifying the “referral_site” cookie to have an XSS payload, and placing an order.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 512
  • Go to page 513
  • Go to page 514
  • Go to page 515
  • Go to page 516
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE