| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation. |
| Evolution CMS 1.4.x allows XSS via the manager/ search parameter. |
| Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI. |
| Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter. |
| Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php. |
| Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title. |
| Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/. |
| Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter. |
| Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file. |
| panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. |
| panel/login in Kirby v2.5.12 allows XSS via a blog name. |
| index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name. |
| index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. |
| panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page. |
| Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown. |
| Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent. |
| Sonatype Nexus Repository Manager before 3.14 allows XSS. |
| Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field. |
| D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page. |
| A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. |
