Search Results (82871 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-19917 1 Microweber 1 Microweber 2024-11-21 N/A
Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilities.
CVE-2018-19915 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.
CVE-2018-19914 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field.
CVE-2018-19913 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field.
CVE-2018-19911 1 Freeswitch 1 Freeswitch 2024-11-21 N/A
FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of works for the freeswitch account can sometimes be used.
CVE-2018-19908 1 Misp 1 Misp 2024-11-21 N/A
An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.
CVE-2018-19907 1 Craftercms 1 Crafter Cms 2024-11-21 N/A
A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library during rendering of a web page.
CVE-2018-19903 1 Xsltcms.org Project 1 Xsltcms.org 2024-11-21 N/A
Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page title field.
CVE-2018-19902 1 No-cms Project 1 No-cms 2024-11-21 N/A
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter.
CVE-2018-19901 1 No-cms Project 1 No-cms 2024-11-21 N/A
No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter.
CVE-2018-19892 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field.
CVE-2018-19877 1 Adiscon 1 Loganalyzer 2024-11-21 N/A
login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.
CVE-2018-19860 2 Broadcom, Cypress 126 Bcm4335c0, Bcm4335c0 Firmware, Bcm43438a1 and 123 more 2024-11-21 N/A
Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.
CVE-2018-19849 1 Yzmcms 1 Yzmcms 2024-11-21 N/A
An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter.
CVE-2018-19845 1 Get-simple 1 Getsimple Cms 2024-11-21 N/A
There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325.
CVE-2018-19844 1 Frogcms Project 1 Frogcms 2024-11-21 N/A
FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319.
CVE-2018-19836 1 Metinfo 1 Metinfo 2024-11-21 N/A
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter.
CVE-2018-19835 1 Metinfo 1 Metinfo 2024-11-21 N/A
Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter.
CVE-2018-19828 1 Artica 1 Integria Ims 2024-11-21 N/A
Artica Integria IMS 5.0.83 has XSS via the search_string parameter.
CVE-2018-19822 1 Infovista 1 Vistaportal 2024-11-21 N/A
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SharedCriteria.jsp" has reflected XSS via the ConnPoolName or GroupId parameter.