• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2018-12241

February 26, 2023 by

The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious JavaScript code into the SA web UI client application.

CVE-2018-12246

February 26, 2023 by

Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript code into the website’s rendered copy running inside the end user’s web browser. It does not allow injecting code into the real (isolated) copy of the website running on the WI Threat Isolation Engine.

CVE-2018-12255

February 26, 2023 by

An XSS issue was discovered in InvoicePlane 1.5.10 via the “Quote PDF Password(Optional)” field.

CVE-2018-12266

February 26, 2023 by

systemerrors404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code.

CVE-2018-12272

February 26, 2023 by

xowl/request.php in Ximdex 4.0 has XSS via the content parameter.

CVE-2018-12273

February 26, 2023 by

The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 502
  • Go to page 503
  • Go to page 504
  • Go to page 505
  • Go to page 506
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE