Search Results (83087 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-9034 1 Relevanssi 1 Relevanssi 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter.
CVE-2018-9027 1 Ca 1 Ca Privileged Access Manager 2024-11-21 N/A
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link.
CVE-2018-9020 1 Pixelite 1 Events Manager 2024-11-21 N/A
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature.
CVE-2018-9017 1 Dsmall Project 1 Dsmall 2024-11-21 N/A
dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI.
CVE-2018-9016 1 Dsmall Project 1 Dsmall 2024-11-21 N/A
dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI.
CVE-2018-9015 1 Dsmall Project 1 Dsmall 2024-11-21 N/A
dsmall v20180320 allows XSS via the public/index.php/home/predeposit/index.html pdr_sn parameter (aka the CMS search box).
CVE-2018-8979 1 Open-audit 1 Open-audit 2024-11-21 N/A
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.
CVE-2018-8978 1 Open-audit 1 Open-audit 2024-11-21 N/A
Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI.
CVE-2018-8973 1 Otcms 1 Otcms 2024-11-21 N/A
OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request.
CVE-2018-8957 1 Covercms Project 1 Covercms 2024-11-21 N/A
CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related to admina/mconfigs.inc.php.
CVE-2018-8949 1 Misp-project 1 Misp 2024-11-21 N/A
An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute.
CVE-2018-8948 1 Misp-project 1 Misp 2024-11-21 N/A
In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module.
CVE-2018-8942 1 Xiuno Bbs Project 1 Xiuno Bbs 2024-11-21 N/A
Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter.
CVE-2018-8933 1 Amd 2 Epyc Server, Epyc Server Firmware 2024-11-21 N/A
The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3.
CVE-2018-8932 1 Amd 4 Ryzen, Ryzen Firmware, Ryzen Pro and 1 more 2024-11-21 N/A
The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4.
CVE-2018-8931 1 Amd 6 Ryzen, Ryzen Firmware, Ryzen Mobile and 3 more 2024-11-21 N/A
The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1.
CVE-2018-8928 1 Synology 1 Carddav Server 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter.
CVE-2018-8924 1 Synology 1 Office 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.
CVE-2018-8923 1 Synology 1 File Station 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments.
CVE-2018-8921 1 Synology 1 Drive Server 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name.