• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2018-1921

February 26, 2023 by

IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152857.

CVE-2018-19222

February 26, 2023 by

An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists.

CVE-2018-19223

February 26, 2023 by

An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI.

CVE-2018-1916

February 26, 2023 by

IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152740.

CVE-2018-19170

February 26, 2023 by

In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the web_name parameter.

CVE-2018-19178

February 26, 2023 by

In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 360
  • Go to page 361
  • Go to page 362
  • Go to page 363
  • Go to page 364
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE