Export limit exceeded: 44176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44176 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18940 | 1 Netscape | 1 Enterprise Server | 2024-11-21 | N/A |
| servlet/SnoopServlet (a servlet installed by default) in Netscape Enterprise 3.63 has reflected XSS via an arbitrary parameter=[XSS] in the query string. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. NOTE: this product is discontinued. | ||||
| CVE-2018-18939 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via a seventh input field. | ||||
| CVE-2018-18929 | 1 Trms | 2 Seneca Hdn, Seneca Hdn Firmware | 2024-11-21 | 8.8 High |
| The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over on the C: drive from the Sysprep process. An attacker with this username and password can leverage it to gain administrator-level access on the system. | ||||
| CVE-2018-18927 | 1 Publiccms | 1 Publiccms | 2024-11-21 | N/A |
| An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. | ||||
| CVE-2018-18919 | 1 Iiong | 1 Wp Editor.md | 2024-11-21 | N/A |
| The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area. | ||||
| CVE-2018-18909 | 1 Xheditor | 1 Xheditor | 2024-11-21 | N/A |
| xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view. | ||||
| CVE-2018-18886 | 1 Helpy.io | 1 Helpy | 2024-11-21 | 6.1 Medium |
| Helpy v2.1.0 has Stored XSS via the Ticket title. | ||||
| CVE-2018-18882 | 1 Controlbyweb | 2 X-320m-i, X-320m-i Firmware | 2024-11-21 | N/A |
| A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface. | ||||
| CVE-2018-18880 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2024-11-21 | N/A |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script. | ||||
| CVE-2018-18875 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2024-11-21 | N/A |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php. | ||||
| CVE-2018-18872 | 1 Kieranoshea | 1 Calendar | 2024-11-21 | N/A |
| The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stored XSS via the event_title parameter in a wp-admin/admin.php?page=calendar add action, or the category name during category creation at the wp-admin/admin.php?page=calendar-categories URI. | ||||
| CVE-2018-18868 | 1 No-cms Project | 1 No-cms | 2024-11-21 | N/A |
| No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter. | ||||
| CVE-2018-18864 | 1 Loadbalancer | 1 Enterprise Va Max | 2024-11-21 | N/A |
| Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed. | ||||
| CVE-2018-18845 | 1 Advanced Comment System Project | 1 Advanced Comment System | 2024-11-21 | N/A |
| internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advanced Comment System, version 1.0, contain a reflected cross-site scripting vulnerability via ACS_path. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The product is discontinued. | ||||
| CVE-2018-18841 | 1 Sem-cms | 1 Semcms | 2024-11-21 | N/A |
| XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter. | ||||
| CVE-2018-18840 | 1 Sem-cms | 1 Semcms | 2024-11-21 | N/A |
| XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter. | ||||
| CVE-2018-18825 | 1 Pagoda Linux Project | 1 Pagoda Linux | 2024-11-21 | N/A |
| Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login. A crafted code is mishandled during rendering of the login log. | ||||
| CVE-2018-18824 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | N/A |
| WolfCMS v0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_manager/browse/. | ||||
| CVE-2018-18823 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | N/A |
| WolfCMS 0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_manager/browse/. | ||||
| CVE-2018-18816 | 1 Tibco | 3 Jasperreports Server, Jaspersoft, Jaspersoft Reporting And Analytics | 2024-11-21 | N/A |
| The repository component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS contains a persistent cross site scripting vulnerability. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi- Tenancy versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0. | ||||