Export limit exceeded: 44054 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44054 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17952 | 1 Microfocus | 1 Edirectory | 2024-11-21 | N/A |
| Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 | ||||
| CVE-2018-17949 | 1 Microfocus | 1 Imanager | 2024-11-21 | N/A |
| Cross site scripting vulnerability in iManager prior to 3.1 SP2. | ||||
| CVE-2018-17947 | 1 Atmist | 1 Snazzy Maps | 2024-11-21 | N/A |
| The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text or tab parameter. | ||||
| CVE-2018-17946 | 1 Tribulant | 1 Slideshow Gallery | 2024-11-21 | N/A |
| The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter. | ||||
| CVE-2018-17919 | 1 Xiongmaitech | 1 Xmeye P2p Cloud Server | 2024-11-21 | N/A |
| All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams. | ||||
| CVE-2018-17904 | 1 Geovap | 1 Reliance 4 | 2024-11-21 | N/A |
| Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code. | ||||
| CVE-2018-17896 | 1 Yokogawa | 8 Fcj, Fcj Firmware, Fcn-100 and 5 more | 2024-11-21 | N/A |
| Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work. | ||||
| CVE-2018-17894 | 1 Nuuo | 1 Nuuo Cms | 2024-11-21 | N/A |
| NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access. | ||||
| CVE-2018-17886 | 1 Jeesns | 1 Jeesns | 2024-11-21 | N/A |
| An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429. | ||||
| CVE-2018-17884 | 1 Gwolle Guestbook Project | 1 Gwolle Guestbook | 2024-11-21 | N/A |
| XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php | ||||
| CVE-2018-17876 | 1 Web-feet | 1 Coaster Cms | 2024-11-21 | N/A |
| A Stored XSS vulnerability has been discovered in the v5.5.0 version of the Coaster CMS product. | ||||
| CVE-2018-17874 | 1 Expressionengine | 1 Expressionengine | 2024-11-21 | N/A |
| ExpressionEngine before 4.3.5 has reflected XSS. | ||||
| CVE-2018-17868 | 1 Dasan | 2 H660gw, H660gw Firmware | 2024-11-21 | N/A |
| DASAN H660GW devices have Stored XSS in the Port Forwarding functionality. | ||||
| CVE-2018-17866 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field. | ||||
| CVE-2018-17865 | 1 Sap | 1 J2ee Engine | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2018-17862 | 1 Sap | 1 J2ee Engine | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2018-17861 | 1 Sap | 1 J2ee Engine | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2018-17849 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | N/A |
| Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload. | ||||
| CVE-2018-17835 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | N/A |
| An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalink Structure parameter, which injects the XSS payload into any page created at the admin/pages.php URI. | ||||
| CVE-2018-17832 | 1 Wuzhicms | 1 Wuzhi Cms | 2024-11-21 | N/A |
| XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter. | ||||