• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2018-11366

February 26, 2023 by

init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0.

CVE-2018-11326

February 26, 2023 by

An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to a multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of the default Administrator user group to perform a XSS attack.

CVE-2018-11328

February 26, 2023 by

An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack of escaping the user-info component of the URI could result in an XSS vulnerability.

CVE-2018-11330

February 26, 2023 by

An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted.

CVE-2018-11332

February 26, 2023 by

Stored cross-site scripting (XSS) vulnerability in the “Site Name” field found in the “site” tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.

CVE-2018-11339

February 26, 2023 by

An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 515
  • Go to page 516
  • Go to page 517
  • Go to page 518
  • Go to page 519
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE