Total
37657 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19934 | 1 Solarwinds | 1 Serv-u Ftp Server | 2024-11-21 | N/A |
| SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting (XSS) in the Web management interface via URL path and HTTP POST parameter. | ||||
| CVE-2018-19933 | 1 Bolt | 1 Bolt Cms | 2024-11-21 | N/A |
| Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry. | ||||
| CVE-2018-19927 | 1 Zenitel | 2 Ip-stationweb, Ip-stationweb Firmware | 2024-11-21 | N/A |
| Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases. | ||||
| CVE-2018-19926 | 1 Zenitel | 2 Ip-stationweb, Ip-stationweb Firmware | 2024-11-21 | N/A |
| Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO. | ||||
| CVE-2018-19924 | 1 Sales \& Company Management System Project | 1 Sales \& Company Management System | 2024-11-21 | N/A |
| An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address. | ||||
| CVE-2018-19922 | 1 Actiontec | 2 C1000a, C1000a Firmware | 2024-11-21 | N/A |
| Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request. | ||||
| CVE-2018-19921 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. | ||||
| CVE-2018-19919 | 1 Pixelimity | 1 Pixelimity | 2024-11-21 | N/A |
| Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element. | ||||
| CVE-2018-19917 | 1 Microweber | 1 Microweber | 2024-11-21 | N/A |
| Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities. | ||||
| CVE-2018-19915 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field. | ||||
| CVE-2018-19914 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field. | ||||
| CVE-2018-19913 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field. | ||||
| CVE-2018-19903 | 1 Xsltcms.org Project | 1 Xsltcms.org | 2024-11-21 | N/A |
| Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page title field. | ||||
| CVE-2018-19902 | 1 No-cms Project | 1 No-cms | 2024-11-21 | N/A |
| No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter. | ||||
| CVE-2018-19901 | 1 No-cms Project | 1 No-cms | 2024-11-21 | N/A |
| No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter. | ||||
| CVE-2018-19892 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field. | ||||
| CVE-2018-19877 | 1 Adiscon | 1 Loganalyzer | 2024-11-21 | N/A |
| login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field. | ||||
| CVE-2018-19849 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter. | ||||
| CVE-2018-19845 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | N/A |
| There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. | ||||
| CVE-2018-19844 | 1 Frogcms Project | 1 Frogcms | 2024-11-21 | N/A |
| FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319. | ||||