Search Results (82965 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-20871 1 Univa 1 Grid Engine 2024-11-21 N/A
In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on root_squash, weak file permissions ("other" write access) occur in certain cases (GE-6890).
CVE-2018-20868 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464).
CVE-2018-20866 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461).
CVE-2018-20865 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459).
CVE-2018-20859 1 Edx 1 Edx-platform 2024-11-21 6.1 Medium
edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem.
CVE-2018-20858 1 Edx 1 Recommender 2024-11-21 N/A
Recommender before 2018-07-18 allows XSS.
CVE-2018-20850 1 Stormshield 1 Stormshield Network Security 2024-11-21 N/A
Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.
CVE-2018-20849 1 Arastta 1 Ecommerce 2024-11-21 N/A
Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO to the login/ URI.
CVE-2018-20848 1 Peel 1 Peel Shopping 2024-11-21 N/A
Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter.
CVE-2018-20841 1 Hootoo 2 Tripmate Titan Ht-tm05, Tripmate Titan Ht-tm05 Firmware 2024-11-21 N/A
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.
CVE-2018-20840 1 Google 1 Api C++ Client 2024-11-21 N/A
An unhandled exception vulnerability exists during Google Sign-In with Google API C++ Client before 2019-04-10. It potentially causes an outage of third-party services that were not designed to recover from exceptions. On the client, ID token handling can cause an unhandled exception because of misinterpretation of an integer as a string, resulting in denial-of-service and then other users can no longer login/sign-in to the affected third-party service. Once this third-party service uses Google Sign-In with google-api-cpp-client, a malicious user can trigger this client/auth/oauth2_authorization.cc vulnerability by requesting the client to receive the ID token from a Google authentication server.
CVE-2018-20838 1 Magazine3 1 Amp For Wp 2024-11-21 N/A
ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.
CVE-2018-20837 1 Typesettercms 1 Typesetter 2024-11-21 N/A
include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS.
CVE-2018-20827 1 Atlassian 1 Jira 2024-11-21 N/A
The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter.
CVE-2018-20824 1 Atlassian 1 Jira 2024-11-21 N/A
The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter.
CVE-2018-20819 1 Dropbox 1 Lepton 2024-11-21 N/A
io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check of header payloads that may be (incorrectly) larger than the maximum file size.
CVE-2018-20816 1 Salesagility 1 Suitecrm 2024-11-21 N/A
An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed.
CVE-2018-20814 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Policy Secure 2024-11-21 N/A
An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX.
CVE-2018-20808 1 Ivanti 1 Connect Secure 2024-11-21 N/A
An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX.
CVE-2018-20807 1 Ivanti 1 Connect Secure 2024-11-21 N/A
An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly.