Search Results (44064 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18998 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | N/A |
| LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard-coded credentials, which may allow an attacker unauthorized access to the system with high privileges. | ||||
| CVE-2018-18997 | 1 Abb | 4 Gate-e1, Gate-e1 Firmware, Gate-e2 and 1 more | 2024-11-21 | N/A |
| Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allow an unauthenticated attacker using the administrative web interface to insert an HTML/JavaScript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor's browser. | ||||
| CVE-2018-18991 | 1 Spidercontrol | 1 Scada Webserver | 2024-11-21 | N/A |
| Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim's browser. | ||||
| CVE-2018-18985 | 1 Tridium | 3 Niagara, Niagara Ax Framework, Niagara Enterprise Security | 2024-11-21 | N/A |
| In Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.118.6, Niagara AX 3.8u4, all versions prior to 3.8.401.1, Niagara 4.4u2, all versions prior to 4.4.93.40.2, and Niagara 4.6, all versions prior to 4.6.96.28.4, a cross-site scripting vulnerability has been identified that may allow a remote attacker to inject code to some web pages affecting confidentiality. | ||||
| CVE-2018-18979 | 1 Ascensia | 1 Contour Diabetes | 2024-11-21 | N/A |
| An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend server. This, in combination with retrieving any user's encrypted data from the Ascensia cloud through another vulnerability, allows an attacker to obtain and modify any patient's medical information. | ||||
| CVE-2018-18978 | 1 Ascensia | 1 Contour Diabetes | 2024-11-21 | N/A |
| An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphering communications between this application and the backend server. This, in combination with retrieving any user's encrypted data from the Ascensia cloud through another vulnerability, allows an attacker to obtain and modify any patient's medical information. | ||||
| CVE-2018-18952 | 1 Jeecms | 1 Jeecms | 2024-11-21 | N/A |
| JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI. | ||||
| CVE-2018-18943 | 1 Basercms | 1 Basercms | 2024-11-21 | N/A |
| An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the data[UploaderCategory][name] parameter to an admin/uploader/uploader_categories/edit URI. | ||||
| CVE-2018-18940 | 1 Netscape | 1 Enterprise Server | 2024-11-21 | N/A |
| servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued. | ||||
| CVE-2018-18939 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field. | ||||
| CVE-2018-18929 | 1 Trms | 2 Seneca Hdn, Seneca Hdn Firmware | 2024-11-21 | 8.8 High |
| The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over on the C: drive from the Sysprep process. An attacker with this username and password can leverage it to gain administrator-level access on the system. | ||||
| CVE-2018-18927 | 1 Publiccms | 1 Publiccms | 2024-11-21 | N/A |
| An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. | ||||
| CVE-2018-18919 | 1 Iiong | 1 Wp Editor.md | 2024-11-21 | N/A |
| The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area. | ||||
| CVE-2018-18909 | 1 Xheditor | 1 Xheditor | 2024-11-21 | N/A |
| xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view. | ||||
| CVE-2018-18886 | 1 Helpy.io | 1 Helpy | 2024-11-21 | 6.1 Medium |
| Helpy v2.1.0 has Stored XSS via the Ticket title. | ||||
| CVE-2018-18882 | 1 Controlbyweb | 2 X-320m-i, X-320m-i Firmware | 2024-11-21 | N/A |
| A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface. | ||||
| CVE-2018-18880 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2024-11-21 | N/A |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script. | ||||
| CVE-2018-18875 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2024-11-21 | N/A |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php. | ||||
| CVE-2018-18872 | 1 Kieranoshea | 1 Calendar | 2024-11-21 | N/A |
| The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stored XSS via the event_title parameter in a wp-admin/admin.php?page=calendar add action, or the category name during category creation at the wp-admin/admin.php?page=calendar-categories URI. | ||||
| CVE-2018-18868 | 1 No-cms Project | 1 No-cms | 2024-11-21 | N/A |
| No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter. | ||||