• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2018-7834

February 26, 2023 by

A CWE-79 Cross-Site Scripting vulnerability exists in all versions of the TSXETG100 allowing an attacker to send a specially crafted URL with an embedded script to a user that would then be executed within the context of that user.

CVE-2018-7786

February 26, 2023 by

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts.

CVE-2018-7795

February 26, 2023 by

A Cross Protocol Injection vulnerability exists in Schneider Electric’s PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code.

CVE-2018-7736

February 26, 2023 by

** DISPUTED ** In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability.

CVE-2018-7741

February 26, 2023 by

Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI.

CVE-2018-7746

February 26, 2023 by

An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 251
  • Go to page 252
  • Go to page 253
  • Go to page 254
  • Go to page 255
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE