タイプ別 CVE リスト:XSS(公開年で絞り込み)

XSS に分類される脆弱性に紐づく CVE を、公開年で絞り込みます。一覧は新しい公開が上に来る並びで、CVSS / EPSS のリスク指標でもさらに絞り込めます。

直近の脆弱性公開や傾向を押さえ、セキュリティチームが高リスクな事象や悪用の可能性を素早く把握するためのビューです。

2018 年に公開され、XSS に分類される CVE を表示しています。 CVE の一覧へ

CVSS スコア
表示中 120 / 2029
«« 先頭 « 前へ 1 / 102 次へ »
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2018-6333 The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution. This issue affected Nuclide prior to v0.290.0. 9.8 2.33% 2018-12-31 2026-06-16
CVE-2018-6341 React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2. 6.1 3.43% 2018-12-31 2026-06-16
CVE-2018-19918 CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI. 5.4 0.66% 2018-12-31 2026-06-16
CVE-2018-19906 Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter. 5.4 0.66% 2018-12-31 2026-06-16
CVE-2018-19905 HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter. 5.4 0.67% 2018-12-31 2026-06-16
CVE-2018-19904 Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page "body" field. 6.1 0.86% 2018-12-31 2026-06-16
CVE-2018-19903 Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page title field. 6.1 0.71% 2018-12-31 2026-06-16
CVE-2018-19902 No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter. 4.8 0.56% 2018-12-31 2026-06-16
CVE-2018-19901 No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter. 4.8 0.56% 2018-12-31 2026-06-16
CVE-2018-19845 There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. 5.4 0.57% 2018-12-31 2026-06-16
CVE-2018-19844 FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319. 4.8 0.56% 2018-12-31 2026-06-16
CVE-2018-20611 imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. 6.1 0.94% 2018-12-30 2026-06-16
CVE-2018-20601 UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action. 4.8 0.56% 2018-12-30 2026-06-16
CVE-2018-20600 sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action. 6.1 0.71% 2018-12-30 2026-06-16
CVE-2018-20597 UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action. 4.8 0.55% 2018-12-30 2026-06-16
CVE-2018-20594 An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java. 6.1 0.86% 2018-12-30 2026-06-16
CVE-2018-20590 Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID. 4.8 0.63% 2018-12-30 2026-06-16
CVE-2018-20589 Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID. 4.8 0.64% 2018-12-30 2026-06-16
CVE-2018-20583 Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allow_unsafe_links is false) via a newline character (e.g., writing javascript as javascri%0apt). 6.1 1.60% 2018-12-30 2026-06-16
CVE-2018-16638 Evolution CMS 1.4.x allows XSS via the manager/ search parameter. 5.4 0.57% 2018-12-28 2026-06-16
«« 先頭 « 前へ 1 / 102 次へ »
cvelogic Threat Intelligence