Export limit exceeded: 44201 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44201 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18006 | 1 Ricoh | 1 Myprint | 2024-11-21 | N/A |
| Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files. | ||||
| CVE-2018-18005 | 1 Vivotek | 1 Camera | 2024-11-21 | N/A |
| Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter. | ||||
| CVE-2018-17997 | 1 Layerbb | 1 Layerbb | 2024-11-21 | N/A |
| LayerBB 1.1.1 allows XSS via the titles of conversations (PMs). | ||||
| CVE-2018-17989 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2024-11-21 | N/A |
| A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. The injected payload would be executed in a user's browser when "/cgi-bin/New_GUI/Acl.asp" is requested. | ||||
| CVE-2018-17981 | 1 Lifesize | 4 Express 220, Express 220 Firmware, Room 220i and 1 more | 2024-11-21 | 6.1 Medium |
| Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the interface/interface.php brand parameter. | ||||
| CVE-2018-17964 | 1 Aryanic | 1 Highportal | 2024-11-21 | N/A |
| Aryanic HighPortal 12.5 has XSS via an Add Tags action. | ||||
| CVE-2018-17960 | 1 Ckeditor | 1 Ckeditor | 2024-11-21 | N/A |
| CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. | ||||
| CVE-2018-17952 | 1 Microfocus | 1 Edirectory | 2024-11-21 | N/A |
| Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 | ||||
| CVE-2018-17949 | 1 Microfocus | 1 Imanager | 2024-11-21 | N/A |
| Cross site scripting vulnerability in iManager prior to 3.1 SP2. | ||||
| CVE-2018-17947 | 1 Atmist | 1 Snazzy Maps | 2024-11-21 | N/A |
| The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text or tab parameter. | ||||
| CVE-2018-17946 | 1 Tribulant | 1 Slideshow Gallery | 2024-11-21 | N/A |
| The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter. | ||||
| CVE-2018-17919 | 1 Xiongmaitech | 1 Xmeye P2p Cloud Server | 2024-11-21 | N/A |
| All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use an undocumented user account "default" with its default password to login to XMeye and access/view video streams. | ||||
| CVE-2018-17904 | 1 Geovap | 1 Reliance 4 | 2024-11-21 | N/A |
| Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code. | ||||
| CVE-2018-17896 | 1 Yokogawa | 8 Fcj, Fcj Firmware, Fcn-100 and 5 more | 2024-11-21 | N/A |
| Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work. | ||||
| CVE-2018-17894 | 1 Nuuo | 1 Nuuo Cms | 2024-11-21 | N/A |
| NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access. | ||||
| CVE-2018-17886 | 1 Jeesns | 1 Jeesns | 2024-11-21 | N/A |
| An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.jeesns.core.utils.XssHttpServletRequestWrapper.java could be bypassed, as demonstrated by a <svg/onLoad=confirm substring. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-12429. | ||||
| CVE-2018-17884 | 1 Gwolle Guestbook Project | 1 Gwolle Guestbook | 2024-11-21 | N/A |
| XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php | ||||
| CVE-2018-17876 | 1 Web-feet | 1 Coaster Cms | 2024-11-21 | N/A |
| A Stored XSS vulnerability has been discovered in the v5.5.0 version of the Coaster CMS product. | ||||
| CVE-2018-17874 | 1 Expressionengine | 1 Expressionengine | 2024-11-21 | N/A |
| ExpressionEngine before 4.3.5 has reflected XSS. | ||||
| CVE-2018-17868 | 1 Dasan | 2 H660gw, H660gw Firmware | 2024-11-21 | N/A |
| DASAN H660GW devices have Stored XSS in the Port Forwarding functionality. | ||||