| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI. |
| An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note. |
| In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator. |
| An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request. |
| DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php. |
| Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment. |
| BlogCMS through 2016-10-25 has XSS via a comment. |
| Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field). |
| wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" "Configuration" page. |
| An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the "Categories" menu. |
| EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field. |
| Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new. |
| The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event. |
| In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings). |
| \upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name. |
| Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files. |
| feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new. |
| razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component. |
| razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component. |
| An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component." |
