Search Results (44039 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12241 | 1 Symantec | 1 Security Analytics | 2024-11-21 | N/A |
| The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious JavaScript code into the SA web UI client application. | ||||
| CVE-2018-12240 | 1 Symantec | 1 Norton Password Manager | 2024-11-21 | 5.9 Medium |
| The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials. | ||||
| CVE-2018-12229 | 1 Sfu | 1 Open Journal System | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the templates/frontend/pages/search.tpl parameter (aka the By Author field). | ||||
| CVE-2018-12111 | 1 Canon | 1 Efi Printme | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI web interface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI. | ||||
| CVE-2018-12104 | 1 Airbnb | 1 Knowledge Repo | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/new_report.kp URI. | ||||
| CVE-2018-12101 | 1 Clippercms | 1 Clippercms | 2024-11-21 | N/A |
| CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields. | ||||
| CVE-2018-12100 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | N/A |
| Sonatype Nexus Repository Manager versions 3.x before 3.12.0 have XSS in multiple areas in the Administration UI. | ||||
| CVE-2018-12099 | 3 Grafana, Netapp, Redhat | 4 Grafana, Active Iq Performance Analytics Services, Storagegrid Webscale Nas Bridge and 1 more | 2024-11-21 | N/A |
| Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. | ||||
| CVE-2018-12095 | 1 Oecms Project | 1 Oecms | 2024-11-21 | N/A |
| A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php. | ||||
| CVE-2018-12094 | 1 Dimofinf | 1 Dimofinf Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2018-12090 | 1 Lamsfoundation | 1 Lams | 2024-11-21 | N/A |
| There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change. | ||||
| CVE-2018-12073 | 1 Eminent-online | 1 Em4544 | 2024-11-21 | N/A |
| An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this issue (e.g., in combination with a successful XSS, or at an unattended workstation) to change the admin password to an attacker-chosen value without knowing the current password. | ||||
| CVE-2018-12047 | 1 Ximdex | 1 Ximdex | 2024-11-21 | N/A |
| xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12. | ||||
| CVE-2018-12043 | 1 Getsymphony | 1 Symphony | 2024-11-21 | N/A |
| content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page. | ||||
| CVE-2018-12040 | 1 Sensiolabs | 1 Symfony | 2024-11-21 | N/A |
| Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues)." | ||||
| CVE-2018-12030 | 1 Chevereto | 1 Chevereto | 2024-11-21 | N/A |
| Chevereto Free before 1.0.13 has XSS. | ||||
| CVE-2018-11735 | 1 Ximdex | 1 Ximdex | 2024-11-21 | N/A |
| index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter. | ||||
| CVE-2018-11734 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| In e107 v2.1.7, output without filtering results in XSS. | ||||
| CVE-2018-11715 | 1 Recent Threads Project | 1 Recent Threads | 2024-11-21 | N/A |
| The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject. | ||||
| CVE-2018-11709 | 1 Gvectors | 1 Wpforo Forum | 2024-11-21 | N/A |
| wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI. | ||||