CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

670 matches found

Veracode•added 2019/07/25 5:48 a.m.•10 views

Cross-site Scripting (XSS)

http-file-server is vulnerable to cross-site scripting XSS attack. It is possible because it does not handle the file name input from the user, allowing a malicious user to inject arbitrary script though it...

5.4CVSS5.1AI score0.0014EPSS

Exploits1References1Affected Software1

Prion•added 2019/07/23 4:15 p.m.•16 views

Design/Logic Flaw

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board head contents" parameter, aka the adm/boardformupdate.php bomobilecontenthead parameter...

4.3CVSS6AI score0.00363EPSS

Exploits0References3Affected Software1

CNVD•added 2019/06/15 12:0 a.m.•1 views

Intelligent website management system has xss vulnerability

Intelligent website system is an intelligent website management system developed by Chongqing Xunmai Science and Technology Development Co. The Intelligent Website Management System has an xss vulnerability that can be exploited by attackers to inject arbitrary Web scripts or HTML...

7.1AI score

Exploits0

CNVD•added 2019/05/14 12:0 a.m.•2 views

XSS Vulnerability at JEESNS Groups

JEESNS is an open source social management system developed on the JAVA enterprise level platform. JEESNS groups at the existence of an XSS vulnerability can be exploited by an attacker to inject arbitrary Web script or HTML...

6.3AI score

Exploits0

CNVD•added 2019/05/14 12:0 a.m.•2 views

XSS Vulnerability at JEESNS Articles

JEESNS is an open source social management system developed on the JAVA enterprise level platform. JEESNS articles at the existence of XSS vulnerability , an attacker can exploit the vulnerability to inject arbitrary Web script or HTML...

6.3AI score

Exploits0

CNVD•added 2019/05/14 12:0 a.m.•1 views

WellCMS X has an xss vulnerability

WellCMS X is a mobile-oriented content management product. An xss vulnerability exists in WellCMS X, which can be exploited to inject arbitrary web script or HTML...

6.8AI score

Exploits0

CNVD•added 2019/05/06 12:0 a.m.•4 views

HumHub Cross-Site Scripting Vulnerability (CNVD-2019-13252)

Humhub is an open source PHP-based social networking system. A cross-site scripting vulnerability exists in HumHub version 1.3.12, which can be exploited by an attacker to inject arbitrary Web script or HTML...

6.1CVSS6.3AI score0.01718EPSS

Exploits5References1

CNVD•added 2019/04/16 12:0 a.m.•1 views

iCMS has an xss vulnerability

iCMS is a content management system CMS built with PHP and MySQL databases. iCMS suffers from an xss vulnerability that can be exploited by attackers to inject arbitrary web script or HTML...

6.7AI score

Exploits0

OSV•added 2019/04/01 3:29 p.m.•2 views

CVE-2017-16774

Cross-site scripting XSS vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager DSM before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter...

5.4CVSS5.9AI score0.00187EPSS

Exploits0References1

CNVD•added 2019/03/29 12:0 a.m.•2 views

Total.js CMS Cross-Site Scripting Vulnerability

Total.js CMS is a content management system CMS based on a NoSQL database. A cross-site scripting vulnerability exists in Total.js CMS version 12.0.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6.2AI score0.00328EPSS

Exploits0References1

OSV•added 2019/03/12 10:29 p.m.•1 views

CVE-2019-5925

Cross-site scripting vulnerability in Dradis Community Edition Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...

5.4CVSS6AI score

Exploits0References2

NVD•added 2019/01/09 11:29 p.m.•8 views

CVE-2018-16181

HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors...

6.1CVSS6.3AI score0.00272EPSS

Exploits0References2

Prion•added 2019/01/09 11:29 p.m.•10 views

Design/Logic Flaw

5.8CVSS6.3AI score0.00272EPSS

Exploits0References2Affected Software1

Prion•added 2019/01/09 11:29 p.m.•14 views

Cross site scripting

Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS4.5AI score0.0015EPSS

Exploits0References2Affected Software1

Cvelist•added 2019/01/09 10:0 p.m.•9 views

CVE-2018-16181

6.3AI score0.00272EPSS

Exploits0References2

CVE•added 2019/01/09 10:0 p.m.•42 views

CVE-2018-16181

Summary: CVE-2018-16181 is an HTTP header injection vulnerability in Digital Arts i-FILTER (Ver. 9.50R05 and earlier) that can enable remote attackers to inject headers and trigger HTTP response splitting, potentially causing arbitrary script execution or cookie manipulation. Affected software: i...

6.1CVSS6.2AI score0.00272EPSS

Exploits0References2Affected Software1

Prion•added 2019/01/03 7:29 p.m.•13 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" POST or "town" POST parameter to user/card.php...

3.5CVSS5AI score0.00132EPSS

Exploits0References2Affected Software1

CNVD•added 2018/12/29 12:0 a.m.•1 views

DouCo DouPHP Cross-Site Scripting Vulnerability (CNVD-2019-01001)

DouCo DouPHP is a lightweight open source CMS Content Management System based on PHP and MySQL. A cross-site scripting vulnerability exists in admin/mobile.php?rec=system&act=update in DouCo DouPHP version 1.5 20181221. A remote attacker can exploit this vulnerability to inject arbitrary web scri...

4.8CVSS6AI score0.00235EPSS

Exploits1References1

CNVD•added 2018/12/24 12:0 a.m.•2 views

Chamilo LMS Cross-Site Scripting Vulnerability (CNVD-2018-26468)

Chamilo LMS is an open source online learning and collaboration system developed by the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. A cross-site scripting vulnerability exists in the...

5.4CVSS6.2AI score0.00191EPSS

Exploits0References1

CNVD•added 2018/10/16 12:0 a.m.•4 views

Camaleon CMS Cross-Site Scripting Vulnerability

Camaleon CMS is an advanced dynamic content management system CMS based on Ruby on Rails. A cross-site scripting vulnerability exists in Camaleon CMS version 2.4. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS5.9AI score0.00211EPSS

Exploits2References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by