Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (42955 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-14962 1 Zzcms 1 Zzcms 2024-11-21 N/A
zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php.
CVE-2018-14955 1 Squirrelmail 1 Squirrelmail 2024-11-21 N/A
The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute).
CVE-2018-14954 1 Squirrelmail 1 Squirrelmail 2024-11-21 N/A
The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute.
CVE-2018-14953 1 Squirrelmail 1 Squirrelmail 2024-11-21 N/A
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack.
CVE-2018-14952 1 Squirrelmail 1 Squirrelmail 2024-11-21 N/A
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack.
CVE-2018-14951 1 Squirrelmail 1 Squirrelmail 2024-11-21 N/A
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack.
CVE-2018-14950 1 Squirrelmail 1 Squirrelmail 2024-11-21 N/A
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack.
CVE-2018-14943 1 Harmonicinc 2 Nsg 9000, Nsg 9000 Firmware 2024-11-21 N/A
Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account.
CVE-2018-14937 1 Mylittleforum 1 My Little Forum 2024-11-21 N/A
The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field.
CVE-2018-14936 1 Mylittleforum 1 My Little Forum 2024-11-21 N/A
The Add page option in my little forum 2.4.12 allows XSS via the Title field.
CVE-2018-14935 1 Polycom 2 Trio 8500, Trio 8500 Firmware 2024-11-21 N/A
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.
CVE-2018-14929 1 Matera 1 Banco 2024-11-21 N/A
Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter.
CVE-2018-14924 1 Matera 1 Banco 2024-11-21 N/A
Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka user fullname) field.
CVE-2018-14922 1 Monstra 1 Monstra 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page.
CVE-2018-14919 1 Loytec 2 Lgate-902, Lgate-902 Firmware 2024-11-21 N/A
LOYTEC LGATE-902 6.3.2 devices allow XSS.
CVE-2018-14906 1 3cx 1 3cx Web Server 2024-11-21 N/A
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters.
CVE-2018-14905 1 3cx 1 3cx Web Server 2024-11-21 N/A
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter.
CVE-2018-14904 1 Samsung 1 Syncthru Web Service 2024-11-21 N/A
Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid.
CVE-2018-14901 1 Epson 1 Iprint 2024-11-21 N/A
The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services.
CVE-2018-14899 1 Epson 2 Wf-2750, Wf-2750 Firmware 2024-11-21 N/A
On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites.