Search Results (44079 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17051 | 1 Knet | 1 Cisco Configuration Manager | 2024-11-21 | N/A |
| K-Net Cisco Configuration Manager through 2014-11-19 has XSS via devices.php. | ||||
| CVE-2018-17049 | 1 Cqu Lankers Project | 1 Cqu Lankers | 2024-11-21 | N/A |
| CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback parameter in an uploadpic action. | ||||
| CVE-2018-17046 | 1 Translate Man Project | 1 Translate Man | 2024-11-21 | N/A |
| translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js. | ||||
| CVE-2018-17044 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter. | ||||
| CVE-2018-17039 | 2 1234n, Microsoft | 2 Minicms, Internet Explorer | 2024-11-21 | N/A |
| MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER['REQUEST_URI'] is mishandled. | ||||
| CVE-2018-17034 | 1 Ucms Project | 1 Ucms | 2024-11-21 | N/A |
| UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter. | ||||
| CVE-2018-17031 | 1 Gogs | 1 Gogs | 2024-11-21 | N/A |
| In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header is not sent. | ||||
| CVE-2018-17026 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page&name=error404 action, a different vulnerability than CVE-2018-10121. | ||||
| CVE-2018-17025 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page action for a page with no special role. | ||||
| CVE-2018-17024 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an add_page action. | ||||
| CVE-2018-17021 | 1 Asus | 2 Gt-ac5300, Gt-ac5300 Firmware | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook parameter. | ||||
| CVE-2018-17003 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | N/A |
| In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert. | ||||
| CVE-2018-17002 | 1 Ricoh | 2 Mp 2001sp, Mp 2001sp Firmware | 2024-11-21 | N/A |
| On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | ||||
| CVE-2018-17001 | 1 Ricoh | 2 Sp 4510sf, Sp 4510sf Firmware | 2024-11-21 | N/A |
| On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | ||||
| CVE-2018-16980 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
| dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters. | ||||
| CVE-2018-16978 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| Monstra CMS V3.0.4 has XSS when one tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473. | ||||
| CVE-2018-16967 | 1 Filemanagerpro | 1 File Manager | 2024-11-21 | N/A |
| There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. | ||||
| CVE-2018-16965 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-11-21 | N/A |
| In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter. | ||||
| CVE-2018-16960 | 1 Buffalo | 1 Open Xdmod | 2024-11-21 | N/A |
| An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name parameter. | ||||
| CVE-2018-16957 | 1 Oracle | 1 Webcenter Interaction | 2024-11-21 | N/A |
| The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Authentication to the Oracle WCI search service uses this hardcoded password and cannot be customised by customers. An adversary able to access this service over a network could perform search queries to extract large quantities of sensitive information from the WCI installation. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. | ||||