Export limit exceeded: 44018 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44018 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12240 | 1 Symantec | 1 Norton Password Manager | 2024-11-21 | 5.9 Medium |
| The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials. | ||||
| CVE-2018-12229 | 1 Sfu | 1 Open Journal System | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the templates/frontend/pages/search.tpl parameter (aka the By Author field). | ||||
| CVE-2018-12111 | 1 Canon | 1 Efi Printme | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI. | ||||
| CVE-2018-12104 | 1 Airbnb | 1 Knowledge Repo | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/new_report.kp URI. | ||||
| CVE-2018-12101 | 1 Clippercms | 1 Clippercms | 2024-11-21 | N/A |
| CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields. | ||||
| CVE-2018-12100 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | N/A |
| Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI. | ||||
| CVE-2018-12099 | 3 Grafana, Netapp, Redhat | 4 Grafana, Active Iq Performance Analytics Services, Storagegrid Webscale Nas Bridge and 1 more | 2024-11-21 | N/A |
| Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. | ||||
| CVE-2018-12095 | 1 Oecms Project | 1 Oecms | 2024-11-21 | N/A |
| A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php. | ||||
| CVE-2018-12094 | 1 Dimofinf | 1 Dimofinf Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2018-12090 | 1 Lamsfoundation | 1 Lams | 2024-11-21 | N/A |
| There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change. | ||||
| CVE-2018-12073 | 1 Eminent-online | 1 Em4544 | 2024-11-21 | N/A |
| An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this issue (e.g., in combination with a successful XSS, or at an unattended workstation) to change the admin password to an attacker-chosen value without knowing the current password. | ||||
| CVE-2018-12047 | 1 Ximdex | 1 Ximdex | 2024-11-21 | N/A |
| xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12. | ||||
| CVE-2018-12043 | 1 Getsymphony | 1 Symphony | 2024-11-21 | N/A |
| content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page. | ||||
| CVE-2018-12040 | 1 Sensiolabs | 1 Symfony | 2024-11-21 | N/A |
| Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues). | ||||
| CVE-2018-12030 | 1 Chevereto | 1 Chevereto | 2024-11-21 | N/A |
| Chevereto Free before 1.0.13 has XSS. | ||||
| CVE-2018-11735 | 1 Ximdex | 1 Ximdex | 2024-11-21 | N/A |
| index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter. | ||||
| CVE-2018-11734 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| In e107 v2.1.7, output without filtering results in XSS. | ||||
| CVE-2018-11715 | 1 Recent Threads Project | 1 Recent Threads | 2024-11-21 | N/A |
| The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject. | ||||
| CVE-2018-11709 | 1 Gvectors | 1 Wpforo Forum | 2024-11-21 | N/A |
| wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI. | ||||
| CVE-2018-11691 | 1 Emerson | 2 Ve6046, Ve6046 Firmware | 2024-11-21 | N/A |
| Emerson DeltaV Smart Switch Command Center application, available in versions 11.3.x and 12.3.1, was unable to change the DeltaV Smart Switches’ management password upon commissioning. Emerson released patches for DeltaV workstations to address this issue, and the patches can be downloaded from Emerson’s Guardian Support Portal. Please refer to the DeltaV Security Notification DSN19003 (KBA NK-1900-0808) for more information about this issue. DeltaV versions 13.3 and higher use the Network Device Command Center application to manage DeltaV Smart Switches, and this newer application is not impacted by this issue. After patching the Smart Switch Command Center, users are required to either commission the DeltaV Smart Switches or change password using the tool. | ||||