| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php. |
| A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php. |
| A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices. |
| A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label. |
| A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors. |
| A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color. |
| CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. |
| Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section). |
| Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. |
| In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. |
| In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. |
| The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports > Reports" name field. |
| PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field. |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field. |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar. |
| PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field. |
| PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field. |
| PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box. |
| imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. |
| UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action. |
