Export limit exceeded: 44225 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44225 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18579 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter. | ||||
| CVE-2018-18578 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. | ||||
| CVE-2018-18570 | 1 Planonsoftware | 1 Planon | 2024-11-21 | N/A |
| Planon before Live Build 41 has XSS. | ||||
| CVE-2018-18553 | 1 Leanote | 1 Leanote | 2024-11-21 | N/A |
| Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page. | ||||
| CVE-2018-18551 | 1 Serverscheck | 1 Monitoring Software | 2024-11-21 | N/A |
| ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter, report_save.html query parameter, sensors.html location parameter, or group_delete.html group parameter. | ||||
| CVE-2018-18548 | 1 Ajenti | 1 Ajenticp | 2024-11-21 | N/A |
| ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager. | ||||
| CVE-2018-18547 | 1 Vestacp | 1 Control Panel | 2024-11-21 | N/A |
| Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI. | ||||
| CVE-2018-18545 | 1 Fiyo | 1 Fiyo Cms | 2024-11-21 | 6.1 Medium |
| Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter. | ||||
| CVE-2018-18540 | 1 Teakki | 1 Teakki | 2024-11-21 | N/A |
| TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL. | ||||
| CVE-2018-18524 | 1 Evernote | 1 Evernote | 2024-11-21 | N/A |
| Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote execution command on the victim's computer. | ||||
| CVE-2018-18517 | 1 Citrix | 1 Netscaler Gateway Firmware | 2024-11-21 | N/A |
| Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS. | ||||
| CVE-2018-18478 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A |
| Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php. | ||||
| CVE-2018-18473 | 1 Patlite | 6 Nbm-d88n, Nbm-d88n Firmware, Nhl-3fb1 and 3 more | 2024-11-21 | N/A |
| A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Series devices with firmware version 1.10 or earlier, and NBM Series devices with firmware version 1.09 or earlier allow attackers to enable an SSH daemon via the "kankichi" or "kamiyo4" password to the _secret1.htm URI. Subsequently, the default password of root for the root account allows an attacker to conduct remote code execution and as a result take over the system. | ||||
| CVE-2018-18460 | 1 3cx | 1 Live Chat | 2024-11-21 | N/A |
| XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request. | ||||
| CVE-2018-18437 | 1 Axiositalia | 1 Registro Elettronico | 2024-11-21 | N/A |
| In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter. | ||||
| CVE-2018-18433 | 1 Destoon | 1 Destoon B2b | 2024-11-21 | N/A |
| An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has XSS via the category[catname] parameter to the admin.php URI. | ||||
| CVE-2018-18431 | 1 Destoon | 1 Destoon B2b | 2024-11-21 | N/A |
| An issue was discovered in DESTOON B2B 7.0. XSS exists via certain text boxes to the admin.php?moduleid=2&action=add URI. | ||||
| CVE-2018-18430 | 1 Destoon | 1 Destoon B2b | 2024-11-21 | N/A |
| An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI. | ||||
| CVE-2018-18419 | 1 Ardawan | 1 User Management | 2024-11-21 | N/A |
| Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI. | ||||
| CVE-2018-18417 | 1 Creativeitem | 1 Ekushey Project Manager | 2024-11-21 | N/A |
| In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI. | ||||