Search Results (45591 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11635 | 1 Dialogic | 1 Powermedia Xms | 2024-11-21 | N/A |
| Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication. | ||||
| CVE-2018-11629 | 1 Lutron | 6 Homeworks Qs, Homeworks Qs Firmware, Radiora 2 and 3 more | 2024-11-21 | N/A |
| Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y. NOTE: The vendor disputes this id as not being a vulnerability because what can be done through the ports revolve around controlling lighting, not code execution. A certain set of commands are listed, which bear some similarity to code, but they are not arbitrary and do not allow admin-level control of a machine | ||||
| CVE-2018-11628 | 1 Emssoftware | 1 Ems Master Calendar | 2024-11-21 | N/A |
| Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS. | ||||
| CVE-2018-11627 | 2 Redhat, Sinatrarb | 3 Cloudforms, Cloudforms Managementengine, Sinatra | 2024-11-21 | N/A |
| Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception. | ||||
| CVE-2018-11588 | 1 Centreon | 2 Centreon, Centreon Web | 2024-11-21 | N/A |
| Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php. | ||||
| CVE-2018-11583 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A |
| SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter. | ||||
| CVE-2018-11581 | 1 Brother | 4 Hl-l2340d, Hl-l2340d Firmware, Hl-l2380dw and 1 more | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html. | ||||
| CVE-2018-11580 | 1 Multidots | 1 Mass Pages/posts Creator | 2024-11-21 | N/A |
| An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site and create hundreds of thousands of posts with custom content. | ||||
| CVE-2018-11572 | 1 Clippercms | 1 Clippercms | 2024-11-21 | N/A |
| ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI. | ||||
| CVE-2018-11568 | 1 Cactusthemes | 1 Gameplan-event And Gym Fitness | 2024-11-21 | N/A |
| Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the '<' and '>' characters have &lt; and &gt; representations. | ||||
| CVE-2018-11564 | 1 Pagekit | 1 Pagekit | 2024-11-21 | N/A |
| Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger a XSS attack. | ||||
| CVE-2018-11562 | 1 Misp | 1 Misp | 2024-11-21 | N/A |
| An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter. | ||||
| CVE-2018-11559 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter. | ||||
| CVE-2018-11558 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter. | ||||
| CVE-2018-11557 | 1 Yiban | 1 Easy Class Education Platform | 2024-11-21 | N/A |
| YIBAN Easy class education platform 2.0 has XSS via the articlelist.php k parameter. | ||||
| CVE-2018-11553 | 1 Sgin | 1 Xiangyun Platform | 2024-11-21 | N/A |
| SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter to /login.php. | ||||
| CVE-2018-11552 | 1 Nch | 1 Axon Pbx | 2024-11-21 | N/A |
| There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application. | ||||
| CVE-2018-11532 | 1 Changuondyu Advanced Statistics Project | 1 Changuondyu Advanced Statistics | 2024-11-21 | N/A |
| An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field. | ||||
| CVE-2018-11522 | 1 Yosoro Project | 1 Yosoro | 2024-11-21 | N/A |
| Yosoro 1.0.4 has stored XSS. | ||||
| CVE-2018-11512 | 1 Creatiwity | 1 Witycms | 2024-11-21 | N/A |
| Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general. | ||||