Export limit exceeded: 338340 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44266 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6002 | 1 Webartisan | 1 Soundy Background Music | 2024-11-21 | N/A |
| The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php (war_soundy_preview parameter). | ||||
| CVE-2018-6001 | 1 Webartisan | 1 Soundy Audio Playlist | 2024-11-21 | N/A |
| The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-audio-playlist\templates\front-end.php (war_sdy_pl_preview parameter). | ||||
| CVE-2018-5967 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2024-11-21 | N/A |
| Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page. | ||||
| CVE-2018-5965 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. | ||||
| CVE-2018-5964 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. | ||||
| CVE-2018-5963 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. | ||||
| CVE-2018-5962 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A |
| index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module. | ||||
| CVE-2018-5961 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. | ||||
| CVE-2018-5950 | 4 Canonical, Debian, Gnu and 1 more | 10 Ubuntu Linux, Debian Linux, Mailman and 7 more | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. | ||||
| CVE-2018-5799 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | N/A |
| In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139. | ||||
| CVE-2018-5798 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | N/A |
| This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager. | ||||
| CVE-2018-5797 | 1 Extremenetworks | 1 Extremewireless Wing | 2024-11-21 | N/A |
| An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port. | ||||
| CVE-2018-5776 | 1 Wordpress | 1 Wordpress | 2024-11-21 | N/A |
| WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement). | ||||
| CVE-2018-5773 | 1 Python-markdown2 Project | 1 Python-markdown2 | 2024-11-21 | N/A |
| An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag. | ||||
| CVE-2018-5768 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2024-11-21 | N/A |
| A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header. | ||||
| CVE-2018-5754 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard. | ||||
| CVE-2018-5725 | 1 Barni | 2 Master Ip Camera01, Master Ip Camera01 Firmware | 2024-11-21 | N/A |
| MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server. | ||||
| CVE-2018-5723 | 1 Barni | 2 Master Ip Camera01, Master Ip Camera01 Firmware | 2024-11-21 | N/A |
| MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account. | ||||
| CVE-2018-5715 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | N/A |
| phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable). | ||||
| CVE-2018-5712 | 4 Canonical, Debian, Php and 1 more | 5 Ubuntu Linux, Debian Linux, Php and 2 more | 2024-11-21 | N/A |
| An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. | ||||