Export limit exceeded: 44233 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44233 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7476 | 1 Finecms | 1 Finecms | 2024-11-21 | N/A |
| controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '<' or '>' character. | ||||
| CVE-2018-7475 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2018-7469 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2024-11-21 | N/A |
| PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the p_name (aka Edit Category Name) field to admin/categories_industry.php (aka Categories - Industry Type). | ||||
| CVE-2018-7465 | 1 Virtuemart | 1 Virtuemart | 2024-11-21 | N/A |
| An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the </textarea>, leading to a possible XSS. | ||||
| CVE-2018-7447 | 1 Mojoportal | 1 Mojoportal | 2024-11-21 | N/A |
| mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability because the fields claimed to be vulnerable to XSS are only available to administrators who are supposed to have access to add scripts | ||||
| CVE-2018-7427 | 1 Splunk | 1 Splunk | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-7405 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | N/A |
| Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-7355 | 1 Zte | 4 Mf65, Mf65 Firmware, Mf65m1 and 1 more | 2024-11-21 | N/A |
| All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0B02 of ZTE MF65M1 are impacted by cross-site scripting vulnerability. Due to improper neutralization of input during web page generation, an attacker could exploit this vulnerability to conduct reflected XSS or HTML injection attacks on the devices. | ||||
| CVE-2018-7303 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | N/A |
| The Calendar component in Tiki 17.1 allows HTML injection. | ||||
| CVE-2018-7302 | 1 Tiki | 1 Tiki | 2024-11-21 | N/A |
| Tiki 17.1 allows upload of a .PNG file that actually has SVG content, leading to XSS. | ||||
| CVE-2018-7290 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | N/A |
| Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1. | ||||
| CVE-2018-7280 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | N/A |
| The Ninja Forms plugin before 3.2.14 for WordPress has XSS. | ||||
| CVE-2018-7278 | 1 Rletech | 4 Fds-pc, Fds-pc-dp, Fds-pc-dp Firmware and 1 more | 2024-11-21 | N/A |
| An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP. | ||||
| CVE-2018-7277 | 1 Rletech | 4 Fds-wi, Fds-wi Firmware, Wi-mgr and 1 more | 2024-11-21 | N/A |
| An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP. | ||||
| CVE-2018-7274 | 1 Quarx Cms Project | 1 Quarx Cms | 2024-11-21 | 6.1 Medium |
| Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name). | ||||
| CVE-2018-7265 | 1 Shimmie2 Project | 1 Shimmie2 | 2024-11-21 | N/A |
| Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that enables stored XSS. | ||||
| CVE-2018-7261 | 1 Radiantcms | 1 Radiant Cms | 2024-11-21 | N/A |
| There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4. They affect Personal Preferences (Name and Username) and Configuration (Site Title, Dev Site Domain, Page Parts, and Page Fields). | ||||
| CVE-2018-7260 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2018-7241 | 1 Schneider-electric | 114 140cpu31110, 140cpu31110 Firmware, 140cpu31110c and 111 more | 2024-11-21 | N/A |
| Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. | ||||
| CVE-2018-7229 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2024-11-21 | 9.8 Critical |
| A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow an unauthenticated, remote attacker to bypass authentication and gain administrator privileges because the use of hardcoded credentials. | ||||