|
248771
|
5.4 |
MEDIUM
Network
|
schiocco
|
support_board_-_chat_and_help_desk
|
In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg par…
|
CWE-79
Cross-site Scripting
|
CVE-2018-18373
|
2024-11-21 12:55 |
2018-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248772
|
6.1 |
MEDIUM
Network
|
kaasoft
|
library_cms
|
A Stored XSS vulnerability has been discovered in KAASoft Library CMS - Powerful Book Management System 2.1.1 via the /admin/book/create/ title parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-18372
|
2024-11-21 12:55 |
2018-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248773
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_opmanager
|
Zoho ManageEngine OpManager 12.3 before build 123214 has XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2018-18262
|
2024-11-21 12:55 |
2018-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248774
|
6.1 |
MEDIUM
Network
|
aryanic
|
highportal
|
Aryanic HighPortal 12.5 has XSS via an Add Tags action.
|
CWE-79
Cross-site Scripting
|
CVE-2018-17964
|
2024-11-21 12:55 |
2018-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248775
|
8.8 |
HIGH
Network
|
jtbc
|
jtbc_php
|
JTBC(PHP) 3.0 allows CSRF for creating an account via the console/account/manage.php?type=action&action=add URI.
|
CWE-352
Origin Validation Error
|
CVE-2018-18436
|
2024-11-21 12:55 |
2018-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248776
|
7.5 |
HIGH
Network
|
litemall_project
|
litemall
|
An issue was discovered in litemall 0.9.0. Arbitrary file download is possible via ../ directory traversal in linlinjava/litemall/wx/web/WxStorageController.java in the litemall-wx-api component.
|
CWE-22
Path Traversal
|
CVE-2018-18434
|
2024-11-21 12:55 |
2018-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248777
|
4.8 |
MEDIUM
Network
|
destoon
|
destoon_b2b
|
An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has XSS via the category[catname] parameter to the admin.php URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-18433
|
2024-11-21 12:55 |
2018-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248778
|
8.8 |
HIGH
Network
|
destoon
|
destoon_b2b
|
An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin.php URI in an action=add request.
|
CWE-352
Origin Validation Error
|
CVE-2018-18432
|
2024-11-21 12:55 |
2018-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248779
|
4.8 |
MEDIUM
Network
|
destoon
|
destoon_b2b
|
An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-18431
|
2024-11-21 12:55 |
2018-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248780
|
4.8 |
MEDIUM
Network
|
destoon
|
destoon_b2b
|
An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-18430
|
2024-11-21 12:55 |
2018-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|