Export limit exceeded: 44145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44145 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14655 | 1 Redhat | 5 Jboss Single Sign On, Keycloak, Linux and 2 more | 2024-11-21 | N/A |
| A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login. | ||||
| CVE-2018-14631 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
| moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter. | ||||
| CVE-2018-14606 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion. | ||||
| CVE-2018-14605 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit. | ||||
| CVE-2018-14604 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline. | ||||
| CVE-2018-14575 | 1 Mybb | 1 Trash Bin | 2024-11-21 | N/A |
| Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject. | ||||
| CVE-2018-14541 | 1 Readymadeb2bscript | 1 Basic B2b | 2024-11-21 | N/A |
| PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields. | ||||
| CVE-2018-14528 | 1 Invoxia | 2 Nvx220, Nvx220 Firmware | 2024-11-21 | N/A |
| Invoxia NVX220 devices allow TELNET access as admin with a default password. | ||||
| CVE-2018-14527 | 1 Xiao5ucompany Project | 1 Xiao5ucompany | 2024-11-21 | N/A |
| Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements). | ||||
| CVE-2018-14517 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A |
| SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields. | ||||
| CVE-2018-14513 | 1 Wuzhi Cms Project | 1 Wuzhi Cms | 2024-11-21 | N/A |
| An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI. | ||||
| CVE-2018-14504 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | N/A |
| An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP settings permit it) when displaying a filter with a crafted name (e.g., 'foobar" onclick="alert(1)'). | ||||
| CVE-2018-14503 | 1 Coremail | 1 Coremail Xt | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | ||||
| CVE-2018-14500 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 6.1 Medium |
| joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter. | ||||
| CVE-2018-14499 | 1 Hyphp | 1 Hybbs | 2024-11-21 | N/A |
| An issue was found in HYBBS through 2016-03-08. There is an XSS vulnerablity via an article title to post.html. | ||||
| CVE-2018-14497 | 1 Tendacn | 2 D152, D152 Firmware | 2024-11-21 | N/A |
| Tenda D152 ADSL routers allow XSS via a crafted SSID. | ||||
| CVE-2018-14493 | 1 Opmantek | 1 Open-audit | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. | ||||
| CVE-2018-14486 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | N/A |
| DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML. | ||||
| CVE-2018-14481 | 1 Osclass | 1 Osclass | 2024-11-21 | N/A |
| Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280. | ||||
| CVE-2018-14478 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2024-11-21 | N/A |
| ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter. | ||||