Search Results (82938 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-20530 1 Website Seller Script Project 1 Website Seller Script 2024-11-21 N/A
PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896.
CVE-2018-20524 1 Urlchatbox 1 Chat Anywhere 2024-11-21 N/A
The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of <<a> in a message, because a danmuWrapper DIV element in chatbox-only\danmu.js is outside the scope of a Content Security Policy (CSP).
CVE-2018-20523 1 Mi 37 Redmi 4a, Redmi 4a Firmware, Redmi 5 Plus and 34 more 2024-11-21 5.3 Medium
Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request.
CVE-2018-20520 1 1234n 1 Minicms 2024-11-21 N/A
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233.
CVE-2018-20503 1 Alliedtelesis 2 8100l\/8, 8100l\/8 Firmware 2024-11-21 N/A
Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter.
CVE-2018-20500 1 Gitlab 1 Gitlab 2024-11-21 N/A
An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers leaves the group and they know the token.
CVE-2018-20496 1 Gitlab 1 Gitlab 2024-11-21 5.4 Medium
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
CVE-2018-20491 1 Gitlab 1 Gitlab 2024-11-21 5.4 Medium
An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
CVE-2018-20490 1 Gitlab 1 Gitlab 2024-11-21 5.4 Medium
An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.
CVE-2018-20486 1 Metinfo 1 Metinfo 2024-11-21 N/A
MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter.
CVE-2018-20485 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 N/A
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature.
CVE-2018-20484 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 N/A
Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation.
CVE-2018-20476 1 S-cms 1 S-cms 2024-11-21 N/A
An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter.
CVE-2018-20472 1 Sahipro 1 Sahi Pro 2024-11-21 5.4 Medium
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS.
CVE-2018-20464 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 N/A
There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address.
CVE-2018-20462 1 Jsmol2wp Project 1 Jsmol2wp 2024-11-21 N/A
An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter.
CVE-2018-20460 1 Radare 1 Radare2 2024-11-21 N/A
In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file.
CVE-2018-20455 1 Radare 1 Radare2 2024-11-21 N/A
In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456.
CVE-2018-20454 1 74cms 1 74cms 2024-11-21 N/A
An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a=resume_list has XSS via the key parameter.
CVE-2018-20448 1 Frog Cms Project 1 Frog Cms 2024-11-21 N/A
Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.