• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2018-10141

February 26, 2023 by

GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8.1.4 allows an unauthenticated attacker to inject arbitrary JavaScript or HTML.

CVE-2018-10164

February 26, 2023 by

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version 2.6.1_Windows.

CVE-2018-10165

February 26, 2023 by

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows.

CVE-2018-10183

February 26, 2023 by

An issue was discovered in BigTree 4.2.22. There is cross-site scripting (XSS) in /core/inc/lib/less.php/test/index.php because of a $_SERVER[‘REQUEST_URI’] echo, as demonstrated by the dir parameter in a file=charsets action.

CVE-2018-10097

February 26, 2023 by

XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email_address parameter.

CVE-2018-10102

February 26, 2023 by

Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 536
  • Go to page 537
  • Go to page 538
  • Go to page 539
  • Go to page 540
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE