Export limit exceeded: 44050 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44050 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14497 | 1 Tendacn | 2 D152, D152 Firmware | 2024-11-21 | N/A |
| Tenda D152 ADSL routers allow XSS via a crafted SSID. | ||||
| CVE-2018-14493 | 1 Opmantek | 1 Open-audit | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. | ||||
| CVE-2018-14486 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | N/A |
| DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML. | ||||
| CVE-2018-14481 | 1 Osclass | 1 Osclass | 2024-11-21 | N/A |
| Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280. | ||||
| CVE-2018-14478 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2024-11-21 | N/A |
| ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter. | ||||
| CVE-2018-14476 | 1 Metalgenix | 1 Genixcms | 2024-11-21 | 6.1 Medium |
| GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation. | ||||
| CVE-2018-14430 | 1 Mondula | 1 Multi Step Form | 2024-11-21 | N/A |
| The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable with an fw_send_email action to wp-admin/admin-ajax.php. | ||||
| CVE-2018-14425 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | N/A |
| There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1. | ||||
| CVE-2018-14422 | 1 Sanscms | 1 Sanscms | 2024-11-21 | N/A |
| blog/index.php in SansCMS 0.7 has XSS via the q parameter. | ||||
| CVE-2018-14419 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page. | ||||
| CVE-2018-14415 | 1 Icmsdev | 1 Icms | 2024-11-21 | N/A |
| An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen. | ||||
| CVE-2018-14397 | 1 Cremecrm | 1 Cremecrm | 2024-11-21 | N/A |
| An issue was discovered in Creme CRM 1.6.12. The organization creation page is affected by 9 stored cross-site scripting vulnerabilities involving the name, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. | ||||
| CVE-2018-14396 | 1 Cremecrm | 1 Cremecrm | 2024-11-21 | N/A |
| An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billing_address-zipcode, billing_address-city, billing_address-department, shipping_address-address, shipping_address-zipcode, shipping_address-city, and shipping_address-department parameters. | ||||
| CVE-2018-14392 | 1 Mybb | 1 New Threads | 2024-11-21 | N/A |
| The New Threads plugin before 1.2 for MyBB has XSS. | ||||
| CVE-2018-14388 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | N/A |
| joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter. | ||||
| CVE-2018-14384 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 4.8 Medium |
| The Website Manager module in SEO Panel 3.13.0 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability, allowing remote authenticated attackers to inject arbitrary web script or HTML via the websites.php name parameter. | ||||
| CVE-2018-14382 | 1 Instantcms | 1 Instantcms | 2024-11-21 | N/A |
| InstantCMS 2.10.1 has /redirect?url= XSS. | ||||
| CVE-2018-14380 | 1 Graylog | 1 Graylog | 2024-11-21 | N/A |
| In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts. | ||||
| CVE-2018-14324 | 1 Oracle | 1 Glassfish Server | 2024-11-21 | N/A |
| The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX RMI session, aka a "jmx_rmi remote monitoring and control problem." NOTE: this is not an Oracle supported product. | ||||
| CVE-2018-14082 | 1 Freelancewebdesignerchennai | 1 Job Portal | 2024-11-21 | N/A |
| PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar. | ||||