Export limit exceeded: 336927 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 44069 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44069 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10665 | 1 Ilias | 1 Ilias | 2024-11-21 | N/A |
| ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files. | ||||
| CVE-2018-10649 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | N/A |
| There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3. | ||||
| CVE-2018-10633 | 1 Universal-robots | 2 Cb3.1, Cb3.1 Firmware | 2024-11-21 | N/A |
| Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller. | ||||
| CVE-2018-10609 | 1 Martem | 4 Telem-gw6, Telem-gw6 Firmware, Telem-gwm and 1 more | 2024-11-21 | N/A |
| Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges. | ||||
| CVE-2018-10592 | 1 Yokogawa | 8 Fcj, Fcj Firmware, Fcn-100 and 5 more | 2024-11-21 | N/A |
| Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution. | ||||
| CVE-2018-10586 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | N/A |
| NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities in versions before 10.1.12. | ||||
| CVE-2018-10580 | 1 Latest Posts On Profile Project | 1 Latest Posts On Profile | 2024-11-21 | N/A |
| The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread subject) field. | ||||
| CVE-2018-10575 | 1 Watchguard | 6 Ap100, Ap100 Firmware, Ap102 and 3 more | 2024-11-21 | N/A |
| An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false. | ||||
| CVE-2018-10571 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to interface/main/finder/finder_navigation.php; (2) key parameter to interface/billing/get_claim_file.php; (3) formid or (4) formseq parameter to interface/orders/types.php; (5) eraname, (6) paydate, (7) post_to_date, (8) deposit_date, (9) debug, or (10) InsId parameter to interface/billing/sl_eob_process.php; (11) form_source, (12) form_paydate, (13) form_deposit_date, (14) form_amount, (15) form_name, (16) form_pid, (17) form_encounter, (18) form_date, or (19) form_to_date parameter to interface/billing/sl_eob_search.php; (20) codetype or (21) search_term parameter to interface/de_identification_forms/find_code_popup.php; (22) search_term parameter to interface/de_identification_forms/find_drug_popup.php; (23) search_term parameter to interface/de_identification_forms/find_immunization_popup.php; (24) id parameter to interface/forms/CAMOS/view.php; (25) id parameter to interface/forms/reviewofs/view.php; or (26) list_id parameter to library/custom_template/personalize.php. | ||||
| CVE-2018-10570 | 1 Frogcms Project | 1 Frogcms | 2024-11-21 | N/A |
| Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field. | ||||
| CVE-2018-10569 | 1 Edimax | 2 Edimax Ew-7438rpn V2 Firmware, Ew-7438rpn Mini V2 | 2024-11-21 | N/A |
| An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. There is XSS in an SSID field. | ||||
| CVE-2018-10568 | 1 Flexense | 1 Disksorter | 2024-11-21 | N/A |
| XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. | ||||
| CVE-2018-10567 | 1 Flexense | 1 Vx Search | 2024-11-21 | N/A |
| XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7. | ||||
| CVE-2018-10566 | 1 Flexense | 1 Dupscout | 2024-11-21 | N/A |
| XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7. | ||||
| CVE-2018-10565 | 1 Flexense | 1 Disksavvy | 2024-11-21 | N/A |
| XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7. | ||||
| CVE-2018-10564 | 1 Flexense | 1 Diskpulse | 2024-11-21 | N/A |
| XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. | ||||
| CVE-2018-10563 | 1 Flexense | 1 Syncbreeze | 2024-11-21 | N/A |
| An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7). | ||||
| CVE-2018-10554 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter. | ||||
| CVE-2018-10547 | 5 Canonical, Debian, Netapp and 2 more | 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more | 2024-11-21 | N/A |
| An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. | ||||
| CVE-2018-10532 | 1 Ee | 2 4gee, 4gee Firmware | 2024-11-21 | N/A |
| An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices. Hardcoded root SSH credentials were discovered to be stored within the "core_app" binary utilised by the EE router for networking services. An attacker with knowledge of the default password (oelinux123) could login to the router via SSH as the root user, which could allow for the loss of confidentiality, integrity, and availability of the system. This would also allow for the bypass of the "AP Isolation" mode that is supported by the router, as well as the settings for multiple Wireless networks, which a user may use for guest clients. | ||||