CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3290 matches found

Exploit DB•added 2017/05/25 12:0 a.m.•35 views

Apple WebKit / Safari 10.0.3(12602.4.8) - 'Editor::Command::execute' Universal Cross-Site Scripting

7.4AI score

Exploits0

Prion•added 2017/05/22 8:29 p.m.•14 views

Cross site scripting

IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732...

3.5CVSS5.2AI score0.00516EPSS

Exploits0References2Affected Software1

Veracode•added 2017/05/09 2:55 a.m.•21 views

Cross-Site Scripting (XSS)

atlas-dashboardv2 is vulnerable to cross-site scripting XSS attacks. The library does not sanitize the user input in the edit-tag function, allowing a malicious user to inject and execute arbitrary javascript...

6.1CVSS5.9AI score0.01919EPSS

Exploits0References5Affected Software1

Veracode•added 2017/05/09 2:29 a.m.•21 views

Cross-Site Scripting (XSS)

atlas-dashboardv2 is vulnerable to reflected cross-site scripting XSS attacks. The search function does not sanitize the search queries that are passed to the application, allowing a malicious user to inject and execute arbitrary javascript...

6.1CVSS6AI score0.01955EPSS

Exploits0References3Affected Software1

Veracode•added 2017/05/09 1:53 a.m.•15 views

Cross Frame Scripting

atlas-dashboardv2 is vulnerable to cross frame scripting. The library allows the use of external frames on the index page, allowing a malicious user to inject and execute arbitrary javascript via an iframe...

6.1CVSS6.4AI score0.01812EPSS

Exploits0References3Affected Software1

Japan Vulnerability Notes•added 2017/05/09 12:0 a.m.•60 views

JVN#87760109: Nessus vulnerable to cross-site scripting

Nessus provided by Tenable Network Security, Inc. contains a stored cross-site scripting vulnerability CVE-2017-2122. An authenticated user may store crafted contents to Nessus. According to the developer, another stored cross-site scripting vulnerability CVE-2017-5179 was found and fixed in Ness...

5.4CVSS5.2AI score0.01242EPSS

Exploits0

OSV•added 2017/04/20 9:59 p.m.•2 views

CVE-2016-9980

IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

5.4CVSS5.4AI score0.00619EPSS

Exploits0References2

NVD•added 2017/04/11 7:59 p.m.•21 views

CVE-2015-7893

SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript...

8.8CVSS8.9AI score0.07377EPSS

Exploits2References5

Cvelist•added 2017/04/11 7:0 p.m.•24 views

CVE-2015-7893

SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript...

8.5AI score0.07377EPSS

Exploits2References5

OSV•added 2017/04/05 6:59 p.m.•1 views

CVE-2016-3031

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1998887...

5.4CVSS5.4AI score0.00516EPSS

Exploits0References2

OSV•added 2017/03/31 6:59 p.m.•2 views

CVE-2016-9990

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1998824...

6.1CVSS5.4AI score0.01254EPSS

Exploits0References3

NVD•added 2017/03/10 12:59 a.m.•21 views

CVE-2017-6797

A cross-site scripting XSS vulnerability in bugchangestatuspage.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'actiontype' parameter...

6.1CVSS5.9AI score0.02289EPSS

Exploits1References6

Cvelist•added 2017/03/10 12:0 a.m.•18 views

CVE-2017-6797

5.9AI score0.02289EPSS

Exploits1References6

Veracode•added 2017/03/09 4:36 a.m.•15 views

Stored Cross-Site Scripting (XSS)

Apache Ranger is vulnerable to stored cross-site scripting XSS attacks. When entering custom policy conditions, admin users can store some arbitrary javascript code to be executed when normal users login and access policies...

4.8CVSS5.2AI score0.02133EPSS

Exploits0References2Affected Software1

exploitpack•added 2017/03/08 12:0 a.m.•30 views

ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Cross-Site Scripting

ASUSWRT RT-AC53 3.0.0.4.380.6038 - Cross-Site Scripting Cross-Site Scripting XSS Component: httpd CVE: CVE-2017-6547 Vulnerability: httpd checks in the function handlerequest if the requested file name is longer than 50 chars. It then responds with a redirection which allows an attacker to inject...

4.3CVSS0.01701EPSS

Exploits5

OSV•added 2017/03/01 9:59 p.m.•2 views

CVE-2016-5932

IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1998294...

5.4CVSS5.4AI score0.00516EPSS

Exploits0References2

OSV•added 2017/02/08 7:59 p.m.•1 views

CVE-2017-1128

IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.4AI score

Exploits0References2

OSV•added 2017/02/01 10:59 p.m.•3 views

CVE-2016-5942

IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.5AI score0.00553EPSS

Exploits0References2

Prion•added 2017/02/01 10:59 p.m.•10 views

Cross site scripting

IBM Infosphere BigInsights is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

3.5CVSS6.4AI score0.00538EPSS

Exploits0References2Affected Software1

OSV•added 2017/02/01 10:59 p.m.•1 views

CVE-2016-5940

5.4CVSS5.5AI score0.00538EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by