Search Results (83088 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-9997 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets.
CVE-2018-9993 1 Yunucms 1 Yunucms 2024-11-21 N/A
YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page).
CVE-2018-9992 1 Frog Cms Project 1 Frog Cms 2024-11-21 N/A
Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Directory" on the admin/?/plugin/file_manager/browse/ screen.
CVE-2018-9991 1 Frog Cms Project 1 Frog Cms 2024-11-21 N/A
Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter.
CVE-2018-9990 1 Zulip 1 Zulip Server 2024-11-21 N/A
In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead.
CVE-2018-9987 1 Zulip 1 Zulip Server 2024-11-21 N/A
In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there was an XSS issue with muting notifications.
CVE-2018-9986 1 Zulip 1 Zulip Server 2024-11-21 N/A
In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor.
CVE-2018-9985 1 Metinfo 1 Metinfo 2024-11-21 N/A
The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator.
CVE-2018-9982 1 Foxitsoftware 2 Foxit Reader, Phantompdf 2024-11-21 N/A
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the Texture Width in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5483.
CVE-2018-9943 1 Foxitsoftware 2 Foxit Reader, Phantompdf 2024-11-21 N/A
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the openList method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5377.
CVE-2018-9942 1 Foxitsoftware 2 Foxit Reader, Phantompdf 2024-11-21 N/A
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the record remove method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5376.
CVE-2018-9941 1 Foxitsoftware 2 Foxit Reader, Phantompdf 2024-11-21 N/A
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the record append method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5375.
CVE-2018-9940 1 Foxitsoftware 2 Foxit Reader, Phantompdf 2024-11-21 N/A
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the layout sheet attribute. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5374.
CVE-2018-9939 1 Foxitsoftware 2 Foxit Reader, Phantompdf 2024-11-21 N/A
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of layout elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5373.
CVE-2018-9938 1 Foxitsoftware 2 Foxit Reader, Phantompdf 2024-11-21 N/A
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the absPageSpan method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5372.
CVE-2018-9937 1 Foxitsoftware 2 Foxit Reader, Phantompdf 2024-11-21 N/A
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of subform elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5371.
CVE-2018-9936 1 Foxitsoftware 2 Foxit Reader, Phantompdf 2024-11-21 N/A
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of field elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5370.
CVE-2018-9928 1 Metinfo 1 Metinfo 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter.
CVE-2018-9925 1 Icmsdev 1 Icms 2024-11-21 N/A
An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request.
CVE-2018-9867 1 Sonicwall 2 Sonicos, Sonicosv 2024-11-21 5.5 Medium
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Gen 6 version 6.2.7.3, 6.5.1.3, 6.5.2.2, 6.5.3.1, 6.2.7.8, 6.4.0.0, 6.5.1.8, 6.0.5.3-86o and SonicOSv 6.5.0.2-8v_RC363 (VMWARE), 6.5.0.2.8v_RC367 (AZURE), SonicOSv 6.5.0.2.8v_RC368 (AWS), SonicOSv 6.5.0.2.8v_RC366 (HYPER_V).