Export limit exceeded: 44167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44167 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20454 | 1 74cms | 1 74cms | 2024-11-21 | N/A |
| An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a=resume_list has XSS via the key parameter. | ||||
| CVE-2018-20448 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI. | ||||
| CVE-2018-20432 | 1 Dlink | 4 Covr-2600r, Covr-2600r Firmware, Covr-3902 and 1 more | 2024-11-21 | 9.8 Critical |
| D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration. | ||||
| CVE-2018-20418 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | N/A |
| index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab. | ||||
| CVE-2018-20379 | 1 Technicolor | 2 Dpc3928sl, Dpc3928sl Firmware | 2024-11-21 | N/A |
| Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001. | ||||
| CVE-2018-20373 | 1 Tendacn | 2 Adsl, Adsl Firmware | 2024-11-21 | N/A |
| Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client. | ||||
| CVE-2018-20372 | 1 Tp-link | 2 Td-w8961nd, Td-w8961nd Firmware | 2024-11-21 | N/A |
| TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client. | ||||
| CVE-2018-20370 | 1 The-sz | 1 Netchat | 2024-11-21 | N/A |
| SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend. | ||||
| CVE-2018-20369 | 1 Barracuda | 1 Message Archiver | 2024-11-21 | N/A |
| Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. The injection point of the issue is the Add_Update module. | ||||
| CVE-2018-20368 | 1 Averta | 1 Master Slider | 2024-11-21 | N/A |
| The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback. | ||||
| CVE-2018-20367 | 1 Wstmart | 1 Wstmart | 2024-11-21 | N/A |
| The "mall some commodity details: commodity consultation" component in WSTMart 2.0.8_181212 has stored XSS via the consultContent parameter, as demonstrated by the index.php/home/goodsconsult/add.html URI. | ||||
| CVE-2018-20351 | 1 Evernote | 1 Evernote | 2024-11-21 | N/A |
| The Markdown component in Evernote (Chinese) before 8.3.2 on macOS allows stored XSS, aka MAC-832. | ||||
| CVE-2018-20339 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section. | ||||
| CVE-2018-20328 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | N/A |
| Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits. | ||||
| CVE-2018-20327 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | N/A |
| Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits. | ||||
| CVE-2018-20326 | 1 Chinamobile | 2 Gpn2.4p21-c-cn, Gpn2.4p21-c-cn Firmware | 2024-11-21 | N/A |
| ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage=html/index.html var:subpage parameter. | ||||
| CVE-2018-20322 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | N/A |
| LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. Fixed in version 3.15.6. | ||||
| CVE-2018-20306 | 1 Pulsesecure | 1 Virtual Traffic Manager | 2024-11-21 | N/A |
| A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected releases are Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1. | ||||
| CVE-2018-20302 | 1 Emetrotel | 1 Xain | 2024-11-21 | N/A |
| An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the order parameter. | ||||
| CVE-2018-20244 | 1 Apache | 1 Airflow | 2024-11-21 | N/A |
| In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. | ||||