Export limit exceeded: 45694 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45694 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6010 | 1 Yiiframework | 1 Yiiframework | 2024-11-21 | N/A |
| In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php. | ||||
| CVE-2018-6002 | 1 Webartisan | 1 Soundy Background Music | 2024-11-21 | N/A |
| The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php (war_soundy_preview parameter). | ||||
| CVE-2018-6001 | 1 Webartisan | 1 Soundy Audio Playlist | 2024-11-21 | N/A |
| The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-audio-playlist\templates\front-end.php (war_sdy_pl_preview parameter). | ||||
| CVE-2018-5967 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2024-11-21 | N/A |
| Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page. | ||||
| CVE-2018-5965 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. | ||||
| CVE-2018-5964 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. | ||||
| CVE-2018-5963 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. | ||||
| CVE-2018-5962 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A |
| index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module. | ||||
| CVE-2018-5961 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | N/A |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. | ||||
| CVE-2018-5950 | 4 Canonical, Debian, Gnu and 1 more | 10 Ubuntu Linux, Debian Linux, Mailman and 7 more | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. | ||||
| CVE-2018-5799 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | N/A |
| In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139. | ||||
| CVE-2018-5798 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | N/A |
| This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager. | ||||
| CVE-2018-5797 | 1 Extremenetworks | 1 Extremewireless Wing | 2024-11-21 | N/A |
| An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port. | ||||
| CVE-2018-5776 | 1 Wordpress | 1 Wordpress | 2024-11-21 | N/A |
| WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement). | ||||
| CVE-2018-5773 | 1 Python-markdown2 Project | 1 Python-markdown2 | 2024-11-21 | N/A |
| An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag. | ||||
| CVE-2018-5768 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2024-11-21 | N/A |
| A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header. | ||||
| CVE-2018-5754 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard. | ||||
| CVE-2018-5725 | 1 Barni | 2 Master Ip Camera01, Master Ip Camera01 Firmware | 2024-11-21 | N/A |
| MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server. | ||||
| CVE-2018-5723 | 1 Barni | 2 Master Ip Camera01, Master Ip Camera01 Firmware | 2024-11-21 | N/A |
| MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account. | ||||
| CVE-2018-5715 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | N/A |
| phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable). | ||||