Search Results (44054 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15847 | 1 Puppycms | 1 Puppycms | 2024-11-21 | N/A |
| An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability via menu.php in the "Add Page/URL" URL link field. | ||||
| CVE-2018-15843 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | N/A |
| GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field. | ||||
| CVE-2018-15842 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | N/A |
| WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter. | ||||
| CVE-2018-15820 | 1 Easyio | 2 Easyio 30p, Easyio 30p Firmware | 2024-11-21 | 6.1 Medium |
| EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GDN parameter. | ||||
| CVE-2018-15808 | 1 Posim | 1 Evo | 2024-11-21 | N/A |
| POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability or allow for attackers to remotely execute code on associated POSIM EVO clients. | ||||
| CVE-2018-15781 | 1 Dell | 1 Wyse Thinlinux | 2024-11-21 | N/A |
| The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contains a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text. | ||||
| CVE-2018-15753 | 1 Mensamax | 1 Mensamax | 2024-11-21 | N/A |
| An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. The use of a Hard-coded DES Cryptographic Key allows an attacker who decodes the application to decrypt transmitted data such as the login username and password. | ||||
| CVE-2018-15740 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 6.1 Medium |
| Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen. | ||||
| CVE-2018-15720 | 1 Logitech | 2 Harmony Hub, Harmony Hub Firmware | 2024-11-21 | N/A |
| Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API. | ||||
| CVE-2018-15714 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the oname and oname2 parameters. | ||||
| CVE-2018-15713 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php. | ||||
| CVE-2018-15712 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| Nagios XI 5.5.6 allows reflected cross site scripting from remote unauthenticated attackers via the host parameter in api_tool.php. | ||||
| CVE-2018-15707 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
| Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things. | ||||
| CVE-2018-15703 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
| Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser. | ||||
| CVE-2018-15699 | 1 Asustor | 1 Data Master | 2024-11-21 | N/A |
| ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting JavaScript into the configuration file's Version field. | ||||
| CVE-2018-15679 | 1 Btiteam | 1 Xbtit | 2024-11-21 | N/A |
| An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting. | ||||
| CVE-2018-15678 | 1 Btiteam | 1 Xbtit | 2024-11-21 | N/A |
| An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting. | ||||
| CVE-2018-15677 | 1 Btiteam | 1 Xbtit | 2024-11-21 | N/A |
| The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF. | ||||
| CVE-2018-15676 | 1 Btiteam | 1 Xbtit | 2024-11-21 | N/A |
| An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerprints. | ||||
| CVE-2018-15641 | 1 Odoo | 1 Odoo | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in the browser of a victim via crafted calendar event attributes. | ||||