• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2018-19386

February 26, 2023 by

SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the ‘Try Again’ Button on the page, aka a /iwc/idcStateError.iwc?page= URI.

CVE-2018-19391

February 26, 2023 by

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field.

CVE-2018-19289

February 26, 2023 by

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.

CVE-2018-19301

February 26, 2023 by

tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log.

CVE-2018-19311

February 26, 2023 by

Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the “Monitoring > Status Details > Services” screen.

CVE-2018-19324

February 26, 2023 by

kimsQ Rb 2.3.0 allows XSS via the second input field to the /?r=home&mod=mypage&page=info URI.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 357
  • Go to page 358
  • Go to page 359
  • Go to page 360
  • Go to page 361
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE