• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2018-19146

February 26, 2023 by

Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by administrators) of SVG files that may contain HTML data with a SCRIPT element.

CVE-2018-1908

February 26, 2023 by

IBM Robotic Process Automation with Automation Anywhere 11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152671.

CVE-2018-19080

February 26, 2023 by

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS.

CVE-2018-19083

February 26, 2023 by

WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialchars_decode function via the /?/publish/ajax/publish_question/ question_content parameter.

CVE-2018-19089

February 26, 2023 by

tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-adminsrcmainwebappWEB-INFviewsuseruser_list.jsp.

CVE-2018-19090

February 26, 2023 by

tianti 2.3 has stored XSS in the article management module via an article title.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 364
  • Go to page 365
  • Go to page 366
  • Go to page 367
  • Go to page 368
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE