Export limit exceeded: 343520 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45296 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17218 | 1 Ptc | 1 Thingworx Platform | 2024-11-21 | 5.4 Medium |
| An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function. | ||||
| CVE-2018-17217 | 1 Ptc | 1 Thingworx Platform | 2024-11-21 | N/A |
| An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is a hardcoded encryption key. | ||||
| CVE-2018-17193 | 1 Apache | 1 Nifi | 2024-11-21 | N/A |
| The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | ||||
| CVE-2018-17184 | 1 Apache | 1 Syncope | 2024-11-21 | N/A |
| A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admin Console, the injected JavaScript code is executed. | ||||
| CVE-2018-17167 | 1 Printeron | 1 Printeron | 2024-11-21 | N/A |
| PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration. | ||||
| CVE-2018-17150 | 1 Intersystems | 1 Cache | 2024-11-21 | N/A |
| Intersystems Cache 2017.2.2.865.0 allows XSS. | ||||
| CVE-2018-17147 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| Nagios XI before 5.5.4 has XSS in the auto login admin management page. | ||||
| CVE-2018-17146 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | N/A |
| A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page. | ||||
| CVE-2018-17140 | 1 Vms-studio | 1 Quizlord | 2024-11-21 | N/A |
| The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php. | ||||
| CVE-2018-17138 | 1 Nickelpro | 1 Jibu Pro | 2024-11-21 | N/A |
| The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field. | ||||
| CVE-2018-17130 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | N/A |
| PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header, | ||||
| CVE-2018-17128 | 1 Mybb | 1 Mybb | 2024-11-21 | N/A |
| A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode. | ||||
| CVE-2018-17113 | 1 Easycms | 1 Easycms | 2024-11-21 | N/A |
| App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173. | ||||
| CVE-2018-17090 | 1 I4a | 1 Donlinkage | 2024-11-21 | N/A |
| An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazy_adresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing <textarea> followed by <script></script> tags. | ||||
| CVE-2018-17086 | 1 Otcms | 1 Otcms | 2024-11-21 | N/A |
| An issue was discovered in OTCMS 3.61. XSS exists in admin/share_switch.php via these parameters: fieldName fieldName2 tabName. | ||||
| CVE-2018-17085 | 1 Otcms | 1 Otcms | 2024-11-21 | N/A |
| An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr. | ||||
| CVE-2018-17082 | 4 Debian, Netapp, Php and 1 more | 4 Debian Linux, Storage Automation Store, Php and 1 more | 2024-11-21 | N/A |
| The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. | ||||
| CVE-2018-17079 | 1 Zrlog | 1 Zrlog | 2024-11-21 | N/A |
| An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area. | ||||
| CVE-2018-17077 | 1 Yiqicms Project | 1 Yiqicms | 2024-11-21 | N/A |
| An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed. | ||||
| CVE-2018-17062 | 1 Seacms | 1 Seacms | 2024-11-21 | N/A |
| An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter. | ||||