Export limit exceeded: 44044 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44044 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12273 | 1 Ximdex | 1 Ximdex | 2024-11-21 | N/A |
| The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter. | ||||
| CVE-2018-12272 | 1 Ximdex | 1 Ximdex | 2024-11-21 | N/A |
| xowl/request.php in Ximdex 4.0 has XSS via the content parameter. | ||||
| CVE-2018-12266 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | N/A |
| system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code. | ||||
| CVE-2018-12255 | 1 Invoiceplane | 1 Invoiceplane | 2024-11-21 | N/A |
| An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF Password(Optional)" field. | ||||
| CVE-2018-12246 | 1 Symantec | 1 Web Isolation | 2024-11-21 | N/A |
| Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript code into the website's rendered copy running inside the end user's web browser. It does not allow injecting code into the real (isolated) copy of the website running on the WI Threat Isolation Engine. | ||||
| CVE-2018-12241 | 1 Symantec | 1 Security Analytics | 2024-11-21 | N/A |
| The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious JavaScript code into the SA web UI client application. | ||||
| CVE-2018-12240 | 1 Symantec | 1 Norton Password Manager | 2024-11-21 | 5.9 Medium |
| The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the likelihood of encrypted data being recovered without adequate credentials. | ||||
| CVE-2018-12229 | 1 Sfu | 1 Open Journal System | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the templates/frontend/pages/search.tpl parameter (aka the By Author field). | ||||
| CVE-2018-12111 | 1 Canon | 1 Efi Printme | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI. | ||||
| CVE-2018-12104 | 1 Airbnb | 1 Knowledge Repo | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/new_report.kp URI. | ||||
| CVE-2018-12101 | 1 Clippercms | 1 Clippercms | 2024-11-21 | N/A |
| CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields. | ||||
| CVE-2018-12100 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | N/A |
| Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI. | ||||
| CVE-2018-12099 | 3 Grafana, Netapp, Redhat | 4 Grafana, Active Iq Performance Analytics Services, Storagegrid Webscale Nas Bridge and 1 more | 2024-11-21 | N/A |
| Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. | ||||
| CVE-2018-12095 | 1 Oecms Project | 1 Oecms | 2024-11-21 | N/A |
| A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php. | ||||
| CVE-2018-12094 | 1 Dimofinf | 1 Dimofinf Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2018-12090 | 1 Lamsfoundation | 1 Lams | 2024-11-21 | N/A |
| There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change. | ||||
| CVE-2018-12073 | 1 Eminent-online | 1 Em4544 | 2024-11-21 | N/A |
| An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this issue (e.g., in combination with a successful XSS, or at an unattended workstation) to change the admin password to an attacker-chosen value without knowing the current password. | ||||
| CVE-2018-12047 | 1 Ximdex | 1 Ximdex | 2024-11-21 | N/A |
| xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12. | ||||
| CVE-2018-12043 | 1 Getsymphony | 1 Symphony | 2024-11-21 | N/A |
| content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page. | ||||
| CVE-2018-12040 | 1 Sensiolabs | 1 Symfony | 2024-11-21 | N/A |
| Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues). | ||||