Search Results (45684 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-9243 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7. | ||||
| CVE-2018-9238 | 1 Yahei | 1 Yahei Php Prober | 2024-11-21 | N/A |
| proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter. | ||||
| CVE-2018-9237 | 1 Iscripts | 1 Easycreate | 2024-11-21 | N/A |
| iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field. | ||||
| CVE-2018-9236 | 1 Iscripts | 1 Easycreate | 2024-11-21 | N/A |
| iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field. | ||||
| CVE-2018-9235 | 1 Iscripts | 1 Sonicbb | 2024-11-21 | N/A |
| iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php. | ||||
| CVE-2018-9195 | 1 Fortinet | 2 Forticlient, Fortios | 2024-11-21 | 5.9 Medium |
| Use of a hardcoded cryptographic key in the FortiGuard services communication protocol may allow a Man in the middle with knowledge of the key to eavesdrop on and modify information (URL/SPAM services in FortiOS 5.6, and URL/SPAM/AV services in FortiOS 6.0; URL rating in FortiClient) sent and received from FortiGuard servers by decrypting these messages. Affected products include FortiClient for Windows 6.0.6 and below, FortiOS 6.0.7 and below, FortiClient for Mac OS 6.2.1 and below. | ||||
| CVE-2018-9186 | 1 Fortinet | 1 Fortiauthenticator | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in the "CSRF validation failure" page of Fortinet FortiAuthenticator versions 4.0.0 to before 5.3.0 allows an attacker to execute unauthorized script code by injecting malicious scripts in the HTTP Referer header. | ||||
| CVE-2018-9183 | 1 Joomsky | 1 Js Jobs | 2024-11-21 | N/A |
| The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS. | ||||
| CVE-2018-9182 | 1 Lynxtechnology | 1 Twonky Server | 2024-11-21 | N/A |
| Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section. | ||||
| CVE-2018-9177 | 1 Lynxtechnology | 1 Twonky Server | 2024-11-21 | N/A |
| Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen. | ||||
| CVE-2018-9173 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter. | ||||
| CVE-2018-9172 | 1 Iptanus | 1 Wordpress File Upload | 2024-11-21 | N/A |
| The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes. | ||||
| CVE-2018-9169 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | N/A |
| Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit.php app_id parameter. The component must be accessed directly by an administrator, or through CSRF. | ||||
| CVE-2018-9163 | 1 Zohocorp | 1 Manageengine Recovery Manager Plus | 2024-11-21 | N/A |
| A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do. | ||||
| CVE-2018-9161 | 1 Prismaindustriale | 1 Checkweigher Prismaweb | 2024-11-21 | N/A |
| Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js. | ||||
| CVE-2018-9155 | 1 Open-audit | 1 Open-audit | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section (via the "Name (display)" field to the attributes/create URI). | ||||
| CVE-2018-9149 | 1 Zyxel | 2 Ac3000, Ac3000 Firmware | 2024-11-21 | N/A |
| The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. After an attacker dismantles the device and uses a USB-to-UART cable to connect the device, he can use the 1234 password for the root account to login to the system. Furthermore, an attacker can start the device's TELNET service as a backdoor. | ||||
| CVE-2018-9147 | 1 Gespage | 1 Gespage | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage software allow remote attackers to inject arbitrary web script or HTML via the email, passwd, and repasswd parameters to webapp/users/user_reg.jsp. | ||||
| CVE-2018-9140 | 1 Samsung | 1 Samsung Mobile | 2024-11-21 | N/A |
| On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747. | ||||
| CVE-2018-9130 | 1 Ibos | 1 Ibos | 2024-11-21 | N/A |
| IBOS 4.4.3 has XSS via a company full name. | ||||