Export limit exceeded: 45693 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45693 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-2464 | 1 Sap | 1 Netweaver | 2024-11-21 | N/A |
| SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2452 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 6.1 Medium |
| The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2018-2444 | 1 Sap | 1 Businessobjects Financial Consolidation | 2024-11-21 | N/A |
| SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2435 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | N/A |
| SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2432 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 5.4 Medium |
| SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to a Web user. Successful exploitation of this vulnerability may lead to advanced attacks, including: cross-site scripting and page hijacking. | ||||
| CVE-2018-2431 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | N/A |
| SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2410 | 1 Sap | 1 Business One | 2024-11-21 | N/A |
| SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2405 | 1 Sap | 1 Solution Manager | 2024-11-21 | N/A |
| SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting. | ||||
| CVE-2018-2399 | 1 Sap | 1 Process Monitoring Infrastructure | 2024-11-21 | N/A |
| Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs. | ||||
| CVE-2018-2397 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | N/A |
| In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting. | ||||
| CVE-2018-2388 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | N/A |
| Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. | ||||
| CVE-2018-2383 | 1 Sap | 1 Internet Graphics Server | 2024-11-21 | N/A |
| Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. | ||||
| CVE-2018-2371 | 1 Sap | 1 Netweaver Java Web Application | 2024-11-21 | N/A |
| The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2365 | 1 Sap | 1 Netweaver Portal | 2024-11-21 | N/A |
| SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2364 | 1 Sap | 2 Customer Relationship Management Webclient Ui, S4fnd | 2024-11-21 | N/A |
| SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does not sufficiently validate and/or encode hidden fields, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2018-2021 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 6.1 Medium |
| IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155345. | ||||
| CVE-2018-2004 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | N/A |
| IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155006. | ||||
| CVE-2018-25097 | 1 Acumos | 1 Design Studio | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 0df8a5e8722188744973168648e4c74c69ce67fd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249420. | ||||
| CVE-2018-25086 | 1 Fanpress Cm Project | 1 Fanpress Cm | 2024-11-21 | 3.5 Low |
| A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.6.4 is able to address this issue. The patch is named c380d343c2107fcee55ab00eb8d189ce5e03369b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230235. | ||||
| CVE-2018-25085 | 1 Drupal | 1 Responsive Menus | 2024-11-21 | 2.4 Low |
| A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The patch is named 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755. | ||||