• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2018-10680

February 26, 2023 by

** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to “Web site settings –> Basic setting –> Website title” and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the vendor disputes the security relevance, noting it is “just a functional bug.”

CVE-2018-10686

February 26, 2023 by

An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST[‘path’] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php.

CVE-2018-10692

February 26, 2023 by

An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie “Password508” does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily.

CVE-2018-10700

February 26, 2023 by

An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter “iw_board_deviceName” is susceptible to this injection.

CVE-2018-10704

February 26, 2023 by

yidashi yii2cmf 2.0 has XSS via the /search q parameter.

CVE-2018-10726

February 26, 2023 by

** DISPUTED ** A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an “Edit page” action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSS.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 523
  • Go to page 524
  • Go to page 525
  • Go to page 526
  • Go to page 527
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE