Export limit exceeded: 336600 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 44036 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44036 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11027 | 1 Ruckussecurity | 2 Icx7450-48, Icx7450-48 Firmware | 2024-11-21 | N/A |
| A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2018-11012 | 1 Halo | 1 Halo | 2024-11-21 | N/A |
| ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd parameters in a failed login attempt to AdminController.java. | ||||
| CVE-2018-11011 | 1 Halo | 1 Halo | 2024-11-21 | N/A |
| ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to FrontCommentController.java. | ||||
| CVE-2018-10994 | 1 Signal | 1 Signal-desktop | 2024-11-21 | N/A |
| js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL. | ||||
| CVE-2018-10966 | 1 Gamerpolls | 1 Gamerpolls | 2024-11-21 | N/A |
| An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard coded secret. | ||||
| CVE-2018-10948 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | N/A |
| Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs. | ||||
| CVE-2018-10939 | 2 Synacor, Zimbra | 2 Zimbra Collaboration Suite, Zimbra Collaboration Suite | 2024-11-21 | N/A |
| Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group. | ||||
| CVE-2018-10937 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | N/A |
| A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim. | ||||
| CVE-2018-10934 | 1 Redhat | 4 Enterprise Linux Server, Jboss Enterprise Application Platform, Jboss Single Sign On and 1 more | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users. | ||||
| CVE-2018-10898 | 2 Openstack, Redhat | 2 Tripleo Heat Templates, Openstack | 2024-11-21 | N/A |
| A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials. | ||||
| CVE-2018-10854 | 2 Linux, Redhat | 3 Linux Kernel, Cloudforms Management Engine, Cloudforms Managementengine | 2024-11-21 | 5.4 Medium |
| cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field. | ||||
| CVE-2018-10821 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | 4.8 Medium |
| Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel. | ||||
| CVE-2018-10817 | 1 Severalnines | 1 Clustercontrol | 2024-11-21 | N/A |
| Severalnines ClusterControl before 1.6.0-4699 allows XSS. | ||||
| CVE-2018-10813 | 1 Aprendecondedos | 1 Dedos-web | 2024-11-21 | N/A |
| In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this could lead to privilege escalation. | ||||
| CVE-2018-10810 | 1 Livezilla | 1 Livezilla | 2024-11-21 | N/A |
| chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affected by Cross-Site Scripting via the Accept-Language HTTP header. | ||||
| CVE-2018-10806 | 1 Frogcms Project | 1 Frogcms | 2024-11-21 | N/A |
| An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF. | ||||
| CVE-2018-10803 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF. | ||||
| CVE-2018-10763 | 1 Synametrics | 1 Synaman | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page. | ||||
| CVE-2018-10752 | 1 Tagregator Project | 1 Tagregator | 2024-11-21 | N/A |
| The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action. | ||||
| CVE-2018-10727 | 1 Fabrikar | 1 Fabrik | 2024-11-21 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header. | ||||