| CVE | Vendors | Products | Updated | CVSS v3.1 |
| tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action. |
| admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element. |
| Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. |
| Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. |
| MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description. |
| MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name. |
| MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs. |
| MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. |
| An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product. |
| An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product. |
| A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php. |
| A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php. |
| A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices. |
| A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label. |
| A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors. |
| A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color. |
| CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. |
| Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section). |
| Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. |
| In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. |