| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter. |
| No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter. |
| DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field. |
| login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field. |
| An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter. |
| There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. |
| FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319. |
| In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter. |
| Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter. |
| Artica Integria IMS 5.0.83 has XSS via the search_string parameter. |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SharedCriteria.jsp" has reflected XSS via the ConnPoolName or GroupId parameter. |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SecurityPolicies.jsp" has reflected XSS via the ConnPoolName parameter. |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Roles.jsp" has reflected XSS via the ConnPoolName parameter. |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Rights.jsp" has reflected XSS via the ConnPoolName parameter. |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Contacts.jsp" has reflected XSS via the ConnPoolName parameter. |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/AdminAuthorisationFrame.jsp" has reflected XSS via the ConnPoolName or GroupId parameter. |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/categorytree/ChooseCategory.jsp" has reflected XSS via the ConnPoolName parameter. |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/UserPopupAddNewProp.jsp" has reflected XSS via the ConnPoolName parameter. |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Subscriptions.jsp" has reflected XSS via the ConnPoolName or GroupId parameter. |
| Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Subscribers.jsp" has reflected XSS via the ConnPoolName or GroupId parameter. |
