| CVE-2019-10349 | Jenkins Dependency Graph Viewer Plugin | XSS | Persistent JavaScript injection via job configuration |
| CVE-2019-6804 | Rundeck Community Edition (< 3.0.13) | XSS | Malicious scripts injected on the Job Edit page |
| CVE-2017-14618 | PHPMyFAQ (≤ 2.9.8) | XSS | Script injection via Questions field in Add New FAQ |
| CVE-2017-14619 | PHPMyFAQ (≤ 2.9.8) | XSS | HTML/JavaScript injection via “Title of your FAQ” field |
| CVE-2017-15284 | OctoberCMS 1.0.425 | XSS | Malicious SVG avatar upload leading to JavaScript execution |
| CVE-2017-16807 | Kirby CMS (< 2.5.7) | XSS | Script execution via specially crafted SVG file |
| CVE-2017-18048 | Monstra CMS 3.0.4 | Arbitrary File Upload | Remote command execution via dangerous file uploads |
| CVE-2017-18049 | SilverStripe CMS (< 3.5.6, < 3.6.3, < 4.0.1) | CSV Injection | CSV exports containing executable macros/scripts |