CVE-2017-14594

The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter.

Source: CVE-2017-14594

CVE-2017-16862

The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability.

Source: CVE-2017-16862

CVE-2017-2158

Improper verification when expanding ZIP64 archives in Lhaplus versions 1.73 and earlier may lead to unintended contents to be extracted from a specially crafted ZIP64 archive.

Source: CVE-2017-2158

CVE-2017-16864

The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter.

Source: CVE-2017-16864

CVE-2018-5377

Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiverindex.php action parameter.

Source: CVE-2018-5377

CVE-2018-5376

Discuz! DiscuzX X3.4 has XSS via the includespacecpspacecp_upload.php op parameter.

Source: CVE-2018-5376

CVE-2018-5374

The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settingssliders.php (current_slider_id parameter).

Source: CVE-2018-5374

CVE-2018-5375

Discuz! DiscuzX X3.4 has XSS via the includespacecpspacecp_space.php appid parameter in a delete action.

Source: CVE-2018-5375

CVE-2018-5373

The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter).

Source: CVE-2018-5373

CVE-2018-5362

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][page] parameter to wp-admin/options.php.

Source: CVE-2018-5362