CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2049 matches found

NVD•added 2024/07/10 7:15 a.m.•23 views

CVE-2024-36453

Cross-site scripting vulnerability exists in sessionlogin.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a...

6.1CVSS0.004EPSS

Exploits0References3

OSV•added 2024/07/10 7:15 a.m.•22 views

CVE-2024-36450

Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may b...

5.4CVSS6.4AI score

Exploits0References2

Vulnrichment•added 2024/07/10 7:2 a.m.•20 views

CVE-2024-36453

6.2AI score0.004EPSS

Exploits0References3

OSV•added 2024/07/09 6:15 p.m.•15 views

CVE-2024-40738

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/id/edit/...

6.1CVSS5.7AI score

Exploits0References1

Vulnrichment•added 2024/07/09 12:0 a.m.•13 views

CVE-2024-40740

5.8AI score0.00398EPSS

Exploits1References1

CVE•added 2024/07/09 12:0 a.m.•61 views

CVE-2024-40736

NetBox v4.0.3 is affected by an XSS vulnerability in the /dcim/power-outlets/add endpoint where user-supplied data in the Name parameter can be used to inject arbitrary HTML/JS. The root cause is insufficient filtering/escaping of input in that field, enabling attacker-controlled payloads to exec...

6.1CVSS5.6AI score0.00353EPSS

Exploits1References1Affected Software1

Cvelist•added 2024/07/09 12:0 a.m.•28 views

CVE-2024-40736

0.00353EPSS

Exploits1References1

NVD•added 2024/07/08 4:15 p.m.•17 views

CVE-2024-39203

A cross-site scripting XSS vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS0.00683EPSS

Exploits1References1

Hacker One•added 2024/07/05 10:42 a.m.•3 views

Mars: Reflected HTML Injection via contact (faq) search parameter on ██████████

The report describes a reflected HTML injection vulnerability in the contact faq search parameter on the ██████████. A specific HTML payload entered into this parameter was reflected back in the response without proper sanitization, allowing for the execution of arbitrary HTML and potentially...

7.5AI score

Exploits0

Positive Technologies•added 2024/07/05 12:0 a.m.•3 views

PT-2024-28378 · Yzmcms · Yzmcms

Name of the Vulnerable Software and Affected Versions: yzmcms version 7.1 Description: A cross-site scripting XSS vulnerability in the Publish Article function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article. Recommendations: For...

6.1CVSS5.2AI score0.00292EPSS

Exploits1References8

CNNVD•added 2024/06/26 12:0 a.m.•1 views

LumisXP Security Vulnerability

LumisXP is a cloud-based digital experience software from Lumis Inc. It helps users gain insight into various website, blog and landing page metrics on a unified platform. A security vulnerability exists in LumisXP versions v15.0.x through v16.1.x. An attacker can exploit the vulnerability to...

6.1CVSS6.8AI score0.00448EPSS

Exploits1References2

CNNVD•added 2024/06/26 12:0 a.m.•1 views

LumisXP Security Vulnerability

LumisXP is a cloud-based digital experience software from Lumis Inc. It helps users gain insight into various website, blog and landing page metrics on a unified platform. A security vulnerability exists in LumisXP version v15.0.x through v16.1.x. An attacker can exploit the vulnerability to...

6.1CVSS6.8AI score0.00406EPSS

Exploits1References2

OSV•added 2024/06/25 12:15 p.m.•12 views

CVE-2024-28832

Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2.0.0 EOL allows users with permission to change Global Settings to execute arbitrary scripts by injecting HTML elements into the Crash Report URL in the Global Settings...

4.8CVSS6.1AI score

Exploits0References1

CNVD•added 2024/06/18 12:0 a.m.•10 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2024-30055)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS7AI score0.00717EPSS

Exploits0References1

CNVD•added 2024/06/18 12:0 a.m.•5 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-36367)

5.4CVSS7AI score0.00534EPSS

Exploits0References1

CNVD•added 2024/06/18 12:0 a.m.•5 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-36363)

5.4CVSS7AI score0.00676EPSS

Exploits0References1

CNVD•added 2024/06/18 12:0 a.m.•6 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-35198)