Export limit exceeded: 44166 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44166 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15528 | 1 Javasystemsolutions | 1 Sso Plugin | 2024-11-21 | N/A |
| Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "select_sso()" function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?[XSS] link and then clicks the "Login" button. | ||||
| CVE-2018-15512 | 1 Totemo | 1 Totemomail | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2018-15511 | 1 Totemo | 1 Totemomail | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2018-15510 | 1 Totemo | 1 Totemomail | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2018-15494 | 2 Debian, Dojotoolkit | 2 Debian Linux, Dojo | 2024-11-21 | N/A |
| In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. | ||||
| CVE-2018-15491 | 1 Zemana | 1 Antilogger | 2024-11-21 | N/A |
| A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes). | ||||
| CVE-2018-15365 | 1 Trendmicro | 1 Deep Discovery Inspector | 2024-11-21 | N/A |
| A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability. | ||||
| CVE-2018-15360 | 1 Eltex | 2 Esp-200, Esp-200 Firmware | 2024-11-21 | N/A |
| An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0. | ||||
| CVE-2018-15315 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | N/A |
| On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected Cross Site Scripting (XSS) vulnerability in an undisclosed Configuration Utility page. | ||||
| CVE-2018-15314 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2024-11-21 | N/A |
| On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. | ||||
| CVE-2018-15313 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2024-11-21 | N/A |
| On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page. | ||||
| CVE-2018-15312 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | N/A |
| On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an authenticated user to execute JavaScript for the currently logged-in user. | ||||
| CVE-2018-15199 | 1 Auracms | 1 Auracms | 2024-11-21 | N/A |
| AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action. | ||||
| CVE-2018-15190 | 1 Hotel Booking Script Project | 1 Hotel Booking Script | 2024-11-21 | N/A |
| PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address field. | ||||
| CVE-2018-15189 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | N/A |
| PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile. | ||||
| CVE-2018-15184 | 1 Naukri Clone Script Project | 1 Naukri Clone Script | 2024-11-21 | N/A |
| PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has Stored XSS via the USERNAME field, a related issue to CVE-2018-6795. | ||||
| CVE-2018-15183 | 1 Myperfectresume \/ Jobhero \/ Resume Clone Script Project | 1 Myperfectresume \/ Jobhero \/ Resume Clone Script | 2024-11-21 | N/A |
| PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script 2.0.6 has Stored XSS via the Full Name and Title fields. | ||||
| CVE-2018-15182 | 1 Car Rental Script Project | 1 Car Rental Script | 2024-11-21 | N/A |
| PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields. | ||||
| CVE-2018-15181 | 1 Jio | 2 4g Hotspot M2s, 4g Hotspot M2s Firmware | 2024-11-21 | N/A |
| JioFi 4G Hotspot M2S devices allow attackers to cause a denial of service (secure configuration outage) via an XSS payload in the SSID name and Security Key fields. | ||||
| CVE-2018-15169 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | N/A |
| A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter. | ||||