Export limit exceeded: 44161 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44161 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18248 | 1 Icinga | 1 Icinga Web 2 | 2024-11-21 | N/A |
| Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string. | ||||
| CVE-2018-18247 | 1 Icinga | 1 Icinga Web 2 | 2024-11-21 | N/A |
| Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter. | ||||
| CVE-2018-18245 | 2 Debian, Nagios | 2 Debian Linux, Nagios Core | 2024-11-21 | N/A |
| Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE. | ||||
| CVE-2018-18244 | 1 Vivotek | 1 Camera | 2024-11-21 | N/A |
| Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header. | ||||
| CVE-2018-18210 | 1 Dilicms | 1 Dilicms | 2024-11-21 | N/A |
| XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_url parameter. | ||||
| CVE-2018-18209 | 1 Dilicms | 1 Dilicms | 2024-11-21 | N/A |
| XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=site_attachment attachment_type parameter. | ||||
| CVE-2018-18208 | 1 Virtualmin | 1 Virtualmin | 2024-11-21 | N/A |
| Virtualmin 6.03 allows XSS via the query string, as demonstrated by the webmin_search.cgi URI. | ||||
| CVE-2018-18199 | 1 Redaxo | 1 Redaxo | 2024-11-21 | N/A |
| Mediamanager in REDAXO before 5.6.4 has XSS. | ||||
| CVE-2018-18198 | 1 Redaxo | 1 Redaxo | 2024-11-21 | N/A |
| The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request. | ||||
| CVE-2018-18087 | 1 Bixie | 1 Portfolio | 2024-11-21 | N/A |
| The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/${project_title}. | ||||
| CVE-2018-18082 | 1 Bijiadao | 1 Waimai Super Cms | 2024-11-21 | N/A |
| XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI. | ||||
| CVE-2018-18069 | 1 Wpml | 1 Wpml | 2024-11-21 | N/A |
| process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php. | ||||
| CVE-2018-18062 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | N/A |
| An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2018-18035 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. | ||||
| CVE-2018-18029 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | N/A |
| Navigate CMS has Stored XSS via the navigate.php Title field in an edit action. | ||||
| CVE-2018-18019 | 1 Tribulant | 1 Slideshow Gallery | 2024-11-21 | N/A |
| XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter. | ||||
| CVE-2018-18017 | 1 Tribulant | 1 Slideshow Gallery | 2024-11-21 | N/A |
| XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. | ||||
| CVE-2018-18009 | 1 Dlink | 4 Dir-140l, Dir-140l Firmware, Dir-640l and 1 more | 2024-11-21 | 9.8 Critical |
| dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials. | ||||
| CVE-2018-18008 | 1 Dlink | 14 Dir-140l, Dir-140l Firmware, Dir-640l and 11 more | 2024-11-21 | N/A |
| spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials. | ||||
| CVE-2018-18007 | 1 Dlink | 2 Dsl-2770l, Dsl-2770l Firmware | 2024-11-21 | 9.8 Critical |
| atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials. | ||||