Export limit exceeded: 45347 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45347 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20141 | 1 Abantecart | 1 Abantecart | 2024-11-21 | N/A |
| AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel--accessories?sort= substring. | ||||
| CVE-2018-20140 | 1 Zenphoto | 1 Zenphoto | 2024-11-21 | N/A |
| Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters. | ||||
| CVE-2018-20138 | 1 Readymadeb2bscript | 1 Entrepreneur B2b Script | 2024-11-21 | 5.4 Medium |
| PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via Account Settings fields such as FirstName and LastName, a similar issue to CVE-2018-14541. | ||||
| CVE-2018-20137 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | N/A |
| XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI. | ||||
| CVE-2018-20136 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | N/A |
| XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI. | ||||
| CVE-2018-20121 | 1 Podcastgenerator | 1 Podcast Generator | 2024-11-21 | N/A |
| Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter. | ||||
| CVE-2018-20101 | 1 Codection | 1 Import Users From Csv With Meta | 2024-11-21 | N/A |
| The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell. | ||||
| CVE-2018-20071 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page. | ||||
| CVE-2018-20017 | 1 Sem-cms | 1 Semcms | 2024-11-21 | N/A |
| SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI. | ||||
| CVE-2018-20012 | 1 Phpcmf | 1 Phpcmf | 2024-11-21 | N/A |
| PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI. | ||||
| CVE-2018-20011 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field. | ||||
| CVE-2018-20010 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field. | ||||
| CVE-2018-20009 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field. | ||||
| CVE-2018-20006 | 1 Phpok | 1 Phpok | 2024-11-21 | N/A |
| An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI). | ||||
| CVE-2018-1984 | 1 Ibm | 1 Rational Team Concert | 2024-11-21 | N/A |
| IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154137. | ||||
| CVE-2018-1983 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Team Concert | 2024-11-21 | N/A |
| IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154136. | ||||
| CVE-2018-1982 | 1 Ibm | 1 Rational Team Concert | 2024-11-21 | N/A |
| IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 154135. | ||||
| CVE-2018-1975 | 1 Ibm | 1 Rational Doors Web Access | 2024-11-21 | N/A |
| IBM Rational DOORS Web Access 9.5.1 through 9.5.2.9, and 9.6 through 9.6.1.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153916. | ||||
| CVE-2018-1967 | 1 Ibm | 1 Security Identity Manager | 2024-11-21 | N/A |
| IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153748. | ||||
| CVE-2018-1959 | 1 Ibm | 1 Security Identity Manager | 2024-11-21 | N/A |
| IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 153633. | ||||