Total
323682 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15202 | 1 Juunan06 | 1 Ecommerce | 2024-11-21 | N/A |
| An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products. | ||||
| CVE-2018-15199 | 1 Auracms | 1 Auracms | 2024-11-21 | N/A |
| AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action. | ||||
| CVE-2018-15198 | 1 Onethink | 1 Onethink | 2024-11-21 | N/A |
| An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user. | ||||
| CVE-2018-15197 | 1 Onethink | 1 Onethink | 2024-11-21 | N/A |
| An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges. | ||||
| CVE-2018-15193 | 1 Gogs | 1 Gogs | 2024-11-21 | N/A |
| A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link. | ||||
| CVE-2018-15192 | 2 Gitea, Gogs | 2 Gitea, Gogs | 2024-11-21 | N/A |
| An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services. | ||||
| CVE-2018-15191 | 1 Hotel Booking Script Project | 1 Hotel Booking Script | 2024-11-21 | N/A |
| PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, or Address field. | ||||
| CVE-2018-15190 | 1 Hotel Booking Script Project | 1 Hotel Booking Script | 2024-11-21 | N/A |
| PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address field. | ||||
| CVE-2018-15189 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | N/A |
| PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile. | ||||
| CVE-2018-15188 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | N/A |
| PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile. | ||||
| CVE-2018-15187 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | N/A |
| PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php. | ||||
| CVE-2018-15186 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2024-11-21 | N/A |
| PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php. | ||||
| CVE-2018-15185 | 1 Naukri Clone Script Project | 1 Naukri Clone Script | 2024-11-21 | N/A |
| PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 allows remote attackers to cause a denial of service (page update outage) via crafted PHP and JavaScript code in the "Current Position" field. | ||||
| CVE-2018-15184 | 1 Naukri Clone Script Project | 1 Naukri Clone Script | 2024-11-21 | N/A |
| PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has Stored XSS via the USERNAME field, a related issue to CVE-2018-6795. | ||||
| CVE-2018-15183 | 1 Myperfectresume \/ Jobhero \/ Resume Clone Script Project | 1 Myperfectresume \/ Jobhero \/ Resume Clone Script | 2024-11-21 | N/A |
| PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script 2.0.6 has Stored XSS via the Full Name and Title fields. | ||||
| CVE-2018-15182 | 1 Car Rental Script Project | 1 Car Rental Script | 2024-11-21 | N/A |
| PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields. | ||||
| CVE-2018-15181 | 1 Jio | 2 4g Hotspot M2s, 4g Hotspot M2s Firmware | 2024-11-21 | N/A |
| JioFi 4G Hotspot M2S devices allow attackers to cause a denial of service (secure configuration outage) via an XSS payload in the SSID name and Security Key fields. | ||||
| CVE-2018-15180 | 1 Qasymphony | 1 Qtest Manager | 2024-11-21 | N/A |
| qTest Portal in QASymphony qTest Manager 9.0.0 has an Open Redirect via the /portal/loginform redirect parameter. | ||||
| CVE-2018-15178 | 1 Gogs | 1 Gogs | 2024-11-21 | N/A |
| Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go. | ||||
| CVE-2018-15177 | 1 Gxlcms | 1 Gxlcms | 2024-11-21 | N/A |
| In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account. | ||||