Export limit exceeded: 44234 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44234 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-0025 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | N/A |
| A persistent cross-site scripting (XSS) vulnerability in RADIUS configuration menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | ||||
| CVE-2019-0024 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | N/A |
| A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | ||||
| CVE-2019-0023 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | N/A |
| A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | ||||
| CVE-2019-0022 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | N/A |
| Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3. | ||||
| CVE-2019-0020 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | N/A |
| Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full control of any installation of the software. Affected releases are Juniper Networks Juniper ATP: 5.0 versions prior to 5.0.3. | ||||
| CVE-2019-0018 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-11-21 | N/A |
| A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | ||||
| CVE-2019-0002 | 1 Juniper | 3 Ex2300, Ex3400, Junos | 2024-11-21 | 9.8 Critical |
| On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. This issue affect both IPv4 and IPv6 firewall filter. | ||||
| CVE-2018-9999 | 1 Zulip | 1 Zulip Server | 2024-11-21 | N/A |
| In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend. | ||||
| CVE-2018-9997 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets. | ||||
| CVE-2018-9993 | 1 Yunucms | 1 Yunucms | 2024-11-21 | N/A |
| YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page). | ||||
| CVE-2018-9992 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen. | ||||
| CVE-2018-9991 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter. | ||||
| CVE-2018-9990 | 1 Zulip | 1 Zulip Server | 2024-11-21 | N/A |
| In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead. | ||||
| CVE-2018-9987 | 1 Zulip | 1 Zulip Server | 2024-11-21 | N/A |
| In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications. | ||||
| CVE-2018-9986 | 1 Zulip | 1 Zulip Server | 2024-11-21 | N/A |
| In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor. | ||||
| CVE-2018-9985 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator. | ||||
| CVE-2018-9928 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter. | ||||
| CVE-2018-9925 | 1 Icmsdev | 1 Icms | 2024-11-21 | N/A |
| An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request. | ||||
| CVE-2018-9864 | 1 3cx | 1 Live Chat | 2024-11-21 | N/A |
| The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field. | ||||
| CVE-2018-9861 | 2 Ckeditor, Drupal | 2 Enhanced Image, Drupal | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element. | ||||