Export limit exceeded: 44054 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44054 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16234 | 1 Morningstarsecurity | 1 Whatweb | 2024-11-21 | N/A |
| MorningStar WhatWeb 0.4.9 has XSS via JSON report files. | ||||
| CVE-2018-16233 | 1 1234n | 1 Minicms | 2024-11-21 | N/A |
| MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter. | ||||
| CVE-2018-16226 | 1 Mitel | 1 Mivoice Office 400 | 2024-11-21 | N/A |
| A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. A successful exploit could allow the attacker to execute arbitrary scripts to access sensitive browser-based information. | ||||
| CVE-2018-16220 | 1 Audiocodes | 2 405hd, 405hd Firmware | 2024-11-21 | N/A |
| Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name sent to the device from the domain controller. | ||||
| CVE-2018-16206 | 1 Ohtanz | 1 Spam-byebye | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-16205 | 1 Weseek | 1 Growi | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via New Page modal. | ||||
| CVE-2018-16204 | 1 Google Xml Sitemaps Project | 1 Google Xml Sitemaps | 2024-11-21 | 4.8 Medium |
| Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-16201 | 1 Toshiba | 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more | 2024-11-21 | N/A |
| Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier uses hard-coded credentials, which may allow an attacker on the same network segment to login to the administrators settings screen and change the configuration or execute arbitrary OS commands. | ||||
| CVE-2018-16199 | 1 Toshiba | 4 Hem-gw16a, Hem-gw16a Firmware, Hem-gw26a and 1 more | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-16193 | 1 Nec | 4 Aterm Wf1200cr, Aterm Wf1200cr Firmware, Aterm Wg1200cr and 1 more | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-16186 | 1 Ricoh | 16 D2200, D2200 Firmware, D5500 and 13 more | 2024-11-21 | N/A |
| RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) uses hard-coded credentials, which may allow an attacker on the same network segments to login to the administrators settings screen and change the configuration. | ||||
| CVE-2018-16180 | 1 Daj | 1 I-filter | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-16173 | 1 Thimpress | 1 Learnpress | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-16165 | 1 Jpcert | 1 Logontracer | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-16164 | 1 Web-dorado | 1 Event Calendar Wd | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-16158 | 1 Eaton | 6 Power Xpert Meter 4000, Power Xpert Meter 4000 Firmware, Power Xpert Meter 6000 and 3 more | 2024-11-21 | N/A |
| Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option. | ||||
| CVE-2018-16148 | 1 Opsview | 1 Opsview | 2024-11-21 | N/A |
| The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting. | ||||
| CVE-2018-16147 | 1 Opsview | 1 Opsview | 2024-11-21 | N/A |
| The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting. | ||||
| CVE-2018-16142 | 1 Phpok | 1 Phpok | 2024-11-21 | N/A |
| PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login_control.php via the _back parameter to the ok_f function. | ||||
| CVE-2018-16139 | 1 Bibliosoft | 1 Bibliopac | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web script or HTML via the db or action parameter to to bin/wxis.exe/bibliopac/. | ||||