Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-16718 1 Nih 1 Ncbi Toolbox 2024-11-21 N/A
An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument.
CVE-2018-16655 1 Gxlcms 1 Gxlcms 2024-11-21 N/A
Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php.
CVE-2018-16654 1 Zurmo 1 Zurmo Crm 2024-11-21 N/A
Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1.
CVE-2018-16653 1 Rejucms Project 1 Rejucms 2024-11-21 N/A
rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter.
CVE-2018-16639 1 Typesettercms 1 Typesetter 2024-11-21 N/A
Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation.
CVE-2018-16638 1 Modx 1 Evolution Cms 2024-11-21 N/A
Evolution CMS 1.4.x allows XSS via the manager/ search parameter.
CVE-2018-16637 1 Modx 1 Evolution Cms 2024-11-21 N/A
Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI.
CVE-2018-16636 1 Nucleuscms 1 Nucleus Cms 2024-11-21 N/A
Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter.
CVE-2018-16635 1 Blackcat-cms 1 Blackcat Cms 2024-11-21 N/A
Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.
CVE-2018-16633 1 Pluck-cms 1 Pluck 2024-11-21 N/A
Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title.
CVE-2018-16632 1 Jupo 1 Mezzanine 2024-11-21 N/A
Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/.
CVE-2018-16631 1 Intelliants 1 Subrion Cms 2024-11-21 N/A
Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter.
CVE-2018-16630 1 Getkirby 1 Kirby 2024-11-21 N/A
Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file.
CVE-2018-16629 1 Intelliants 1 Subrion Cms 2024-11-21 N/A
panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
CVE-2018-16628 1 Getkirby 1 Kirby 2024-11-21 N/A
panel/login in Kirby v2.5.12 allows XSS via a blog name.
CVE-2018-16626 1 Typesettercms 1 Typesetter 2024-11-21 N/A
index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name.
CVE-2018-16625 1 Typesettercms 1 Typesetter 2024-11-21 N/A
index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.
CVE-2018-16624 1 Getkirby 1 Kirby 2024-11-21 N/A
panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page.
CVE-2018-16623 1 Getkirby 1 Kirby 2024-11-21 N/A
Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the "Site options" in the admin panel dashboard dropdown.
CVE-2018-16622 1 Html-js 1 Doracms 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent.