Search Results (44794 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-0513 | 1 Mtssb.mt-systems | 1 Simple Booking | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in MTS Simple Booking C, MTS Simple Booking Business version 1.28.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-0511 | 1 Meowapps | 1 Wp Retina 2x | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-0508 | 1 Kkcald Project | 1 Kkcald | 2024-11-21 | N/A |
| Cross-site scripting vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-0503 | 3 Debian, Mediawiki, Redhat | 3 Debian Linux, Mediawiki, Openshift | 2024-11-21 | N/A |
| Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'. | ||||
| CVE-2018-0499 | 2 Canonical, Xapian | 2 Ubuntu Linux, Xapian-core | 2024-11-21 | N/A |
| A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet(). | ||||
| CVE-2018-0059 | 1 Juniper | 1 Netscreen Screenos | 2024-11-21 | N/A |
| A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26. | ||||
| CVE-2018-0047 | 1 Juniper | 1 Junos Space | 2024-11-21 | N/A |
| A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2. | ||||
| CVE-2018-0046 | 1 Juniper | 1 Junos Space | 2024-11-21 | N/A |
| A reflected cross-site scripting vulnerability in OpenNMS included with Juniper Networks Junos Space may allow the stealing of sensitive information or session credentials from Junos Space administrators or perform administrative actions. This issue affects Juniper Networks Junos Space versions prior to 18.2R1. | ||||
| CVE-2018-0041 | 1 Juniper | 1 Contrail Service Orchestration | 2024-11-21 | N/A |
| Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone. | ||||
| CVE-2018-0040 | 1 Juniper | 1 Contrail Service Orchestration | 2024-11-21 | N/A |
| Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services. | ||||
| CVE-2018-0039 | 1 Juniper | 1 Contrail Service Orchestration | 2024-11-21 | N/A |
| Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Grafana or exploit other weaknesses or vulnerabilities in Grafana. | ||||
| CVE-2018-0038 | 1 Juniper | 1 Contrail Service Orchestration | 2024-11-21 | N/A |
| Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra. | ||||
| CVE-2018-0011 | 1 Juniper | 1 Junos Space | 2024-11-21 | N/A |
| A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a session, and to perform administrative actions on the Junos Space network management device. | ||||
| CVE-2017-9838 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2024-11-21 | N/A |
| Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters). | ||||
| CVE-2017-9821 | 1 Npci | 1 Bharat Interface For Money (bhim) | 2024-11-21 | N/A |
| The National Payments Corporation of India BHIM application 1.3 for Android relies on three hardcoded strings (AK-NPCIMB, IM-NPCIBM, and VK-NPCIBM) for SMS validation, which makes it easier for attackers to bypass authentication. | ||||
| CVE-2017-9808 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | N/A |
| OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). | ||||
| CVE-2017-9786 | 1 Projectsend | 1 Projectsend | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in My account Name updated, related to home.php and actions-log.php. | ||||
| CVE-2017-9783 | 1 Projectsend | 1 Projectsend | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in a Site name updated. | ||||
| CVE-2017-9656 | 1 Philips | 1 Dosewise | 2024-11-21 | N/A |
| The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. | ||||
| CVE-2017-9425 | 1 Facetag Project | 1 Facetag | 2024-11-21 | N/A |
| The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action. | ||||