Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3290 matches found

OSV
OSVadded 2020/08/03 9:15 p.m.1 views

CVE-2020-11583

A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter...

6.1CVSS5.9AI score0.01017EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletinsadded 2020/07/31 2:35 p.m.14 views

Security Bulletin: Financial Transaction Manager for High Value Payments is affected by a potential Cross-Site Scripting (Reflected) vulnerability (CVE-2020-4560)

Summary This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details CVEID: CVE-2020-4560 DESCRIPTION: IBM Financial Transaction Manager is...

6.1CVSS6.2AI score0.00852EPSS
Exploits0Affected Software1
Veracode
Veracodeadded 2020/07/30 2:4 a.m.19 views

Cross-site Scripting (XSS)

magento is vulnerable to cross-site scripting XSS. The vulnerability exists as it does not sanitize the values of importedfile, 'Download', and $row-getData'errorfile', allowing an attacker to inject and execute arbitrary Javascript in a user's browser...

9.6CVSS3AI score0.06018EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2020/07/29 2:15 p.m.1 views

CVE-2020-4645

IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force I...

5.4CVSS5.4AI score0.00561EPSS
Exploits0References2
NVD
NVDadded 2020/07/23 8:15 p.m.21 views

CVE-2019-18834

Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCSAdminPostTypes in class-wcs-admin-post-types.php...

6.1CVSS6.4AI score0.01628EPSS
Exploits1References3
Prion
Prionadded 2020/07/23 8:15 p.m.12 views

Cross site scripting

Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCSAdminPostTypes in class-wcs-admin-post-types.php...

4.3CVSS6.4AI score0.01628EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2020/07/23 7:42 p.m.29 views

CVE-2019-18834

Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCSAdminPostTypes in class-wcs-admin-post-types.php...

6.4AI score0.01628EPSS
Exploits1References3
NVD
NVDadded 2020/07/21 6:15 p.m.14 views

CVE-2020-14063

A stored Cross-Site Scripting XSS vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end page and executed in the...

6.1CVSS6AI score0.01367EPSS
Exploits1References2
Prion
Prionadded 2020/07/21 6:15 p.m.22 views

Cross site scripting

A stored Cross-Site Scripting XSS vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end page and executed in the...

4.3CVSS6AI score0.01367EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2020/07/21 5:12 p.m.13 views

CVE-2020-14063

A stored Cross-Site Scripting XSS vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end page and executed in the...

6AI score0.01367EPSS
Exploits1References2
Prion
Prionadded 2020/07/20 4:15 p.m.8 views

Cross site scripting

docsify prior to 4.11.4 is susceptible to Cross-site Scripting XSS. Docsify.js uses fragment identifiers parameters after sign to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the // domain.com///attacker.com and render...

4.3CVSS6AI score0.045EPSS
Exploits5References6Affected Software1
Veracode
Veracodeadded 2020/07/16 4:6 a.m.14 views

Cross-Site Scripting (XSS)

francoisjacquet/rosariosis is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the includeinactive parameter in PrintSchedules.php...

6.1CVSS4.3AI score0.06325EPSS
Exploits2References5Affected Software1
Veracode
Veracodeadded 2020/07/08 4:10 a.m.19 views

Cross-Site Scripting (XSS)

teaminmedias-pluswerk/kesearch aka Faceted Search extension of Typo3 is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via parameters such as content,abstract,message,tag, title in the backend module controller...

5.4CVSS4.7AI score0.00555EPSS
Exploits0References3Affected Software1
CNVD
CNVDadded 2020/07/08 12:0 a.m.1 views

NeDi Consulting NeDi Cross-Site Scripting Vulnerability (CNVD-2020-44580)

NeDi Consulting NeDi is a suite of open source software that supports the discovery and mapping of network devices from the Swiss company NeDi Consulting. A cross-site scripting vulnerability exists in NeDi Consulting NeDi version 1.9C. The vulnerability can be exploited to execute arbitrary...

5.4CVSS6.6AI score0.00557EPSS
Exploits0References1
CNVD
CNVDadded 2020/07/08 12:0 a.m.1 views

NeDi Consulting NeDi Cross-Site Scripting Vulnerability (CNVD-2020-44577)

NeDi Consulting NeDi is a suite of open source software that supports the discovery and mapping of network devices from the Swiss company NeDi Consulting. A cross-site scripting vulnerability exists in NeDi Consulting NeDi version 1.9C. The vulnerability can be exploited to execute arbitrary...

5.4CVSS6.7AI score0.00568EPSS
Exploits0References1
CNVD
CNVDadded 2020/07/08 12:0 a.m.1 views

NeDi Consulting NeDi Cross-Site Scripting Vulnerability (CNVD-2020-44573)

NeDi Consulting NeDi is a suite of open source software that supports the discovery and mapping of network devices from the Swiss company NeDi Consulting. A cross-site scripting vulnerability exists in NeDi Consulting NeDi version 1.9C. The vulnerability can be exploited to execute arbitrary...

5.4CVSS6.7AI score0.00545EPSS
Exploits1References1
OSV
OSVadded 2020/07/07 4:15 p.m.1 views

CVE-2020-15032

NeDi 1.9C is vulnerable to cross-site scripting XSS attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter...

5.4CVSS6.2AI score
Exploits0References2
NVD
NVDadded 2020/07/07 4:15 p.m.11 views

CVE-2020-15030

NeDi 1.9C is vulnerable to cross-site scripting XSS attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter...

5.4CVSS0.00568EPSS
Exploits0References2
NVD
NVDadded 2020/07/07 4:15 p.m.18 views

CVE-2020-15033

NeDi 1.9C is vulnerable to cross-site scripting XSS attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter...

5.4CVSS0.00557EPSS
Exploits0References2
Prion
Prionadded 2020/07/07 3:15 p.m.17 views

Cross site scripting

NeDi 1.9C is vulnerable to cross-site scripting XSS attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter...

3.5CVSS5.4AI score0.00545EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder