CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

670 matches found

Cvelist•added 2016/01/08 9:0 p.m.•19 views

CVE-2014-6444

Multiple cross-site scripting XSS vulnerabilities in the Titan Framework plugin before 1.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 t parameter to iframe-googlefont-preview.php or the 2 text parameter to iframe-font-preview.php...

6.2AI score0.0034EPSS

Exploits0References2

Prion•added 2015/12/17 7:59 p.m.•15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via 1 global parameters, 2 smart class parameters, or 3 smart variables in the a host or b hostgroup edit forms...

4.3CVSS5.9AI score0.00256EPSS

Exploits0References4Affected Software1

Prion•added 2015/12/15 9:59 p.m.•6 views

Cross site scripting

Cross-site scripting XSS vulnerability in synnefoclient in Synnefo Internet Management Software IMS 2015 allows remote attackers to inject arbitrary web script or HTML via the planname parameter to packagehistory/listusagesdata...

4.3CVSS6.1AI score0.00254EPSS

Exploits2References3Affected Software1

CNVD•added 2015/10/13 12:0 a.m.•4 views

Dojo Toolkit Cross-Site Scripting Vulnerability

Dojo Toolkit is the Dojo Foundation a JavaScript language implementation of open source DHTML toolkit . A cross-site scripting vulnerability exists in versions of Dojo Toolkit prior to 1.2. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML...

4.3CVSS6.2AI score0.00297EPSS

Exploits0References1

Prion•added 2015/09/29 7:59 p.m.•17 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the 1 version parameter in protected/views/admin/formEditor.php; the 2 importId parameter in protected/views/admin/rollbackImport.php; the 3 bc, 4 fg,...

4.3CVSS6.1AI score0.00305EPSS

Exploits2References5Affected Software1

Cvelist•added 2015/09/29 7:0 p.m.•27 views

CVE-2015-7320

Multiple cross-site scripting XSS vulnerabilities in cpabcappointmentsadminintbookingslist.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.8AI score0.00225EPSS

Exploits2References5

NVD•added 2015/09/11 8:59 p.m.•10 views

CVE-2015-6921

Cross-site scripting XSS vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to inject arbitrary web script or HTML via unspecified vectors...

2.6CVSS5.7AI score0.00316EPSS

Exploits0References2

CVE•added 2015/09/11 3:0 p.m.•87 views

CVE-2015-6584

CVE-2015-6584 is a cross-site scripting (XSS) vulnerability in the DataTables jQuery plugin (1.10.8 and earlier). The issue allows remote attackers to inject arbitrary script/HTML via the scripts parameter in media/unit_testing/templates/6776.php. Affected product: DataTables jQuery plugin (versi...

4.3CVSS5.7AI score0.00238EPSS

Exploits2References4Affected Software1

OSV•added 2015/09/01 2:59 p.m.•5 views

CVE-2015-6730

Cross-site scripting XSS vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."...

5.7AI score

Exploits0References6

CNVD•added 2015/08/21 12:0 a.m.•1 views

Electric Sheep Fencing pfsense cross-site scripting vulnerability (CNVD-2015-05674)

Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. A cross-site scripting vulnerability exists in Electric Sheep Fencing pfSense versions prior to 2.2.3, which stems from the servicesntpd.php script not adequately...

4.3CVSS6.1AI score0.00087EPSS

Exploits0References1

Patchstack•added 2015/07/16 12:0 a.m.•33 views

WordPress qTranslate Plugin <= 2.5.39 - XSS

This vulnerability allows an attacker to inject arbitrary web script or HTML via the "edit" parameter. Solution Update the plugin...

4.3CVSS2.2AI score0.0027EPSS

Exploits3References1Affected Software1

NVD•added 2015/05/29 2:59 p.m.•6 views

CVE-2015-3904

Multiple cross-site scripting XSS vulnerabilities in roomcloud.php in the Roomcloud plugin before 1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 pin, 2 startday, 3 startmonth, 4 startyear, 5 endday, 6 endmonth, 7 endyear, 8 lang, 9 adults, or 10 children...

4.3CVSS5.9AI score0.00606EPSS

Exploits1References5

NVD•added 2015/05/20 6:59 p.m.•19 views

CVE-2012-1664

Multiple cross-site scripting XSS vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the 1 username parameter in a process action to admin/login.php; 2 pageTitle, 3 currentproductid, or 4 cPath parameter to...

4.3CVSS5.7AI score0.00979EPSS

Exploits2References14

Prion•added 2015/05/15 6:59 p.m.•18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the 1 bannedword parameter to index.php/dashboard/system/conversations/bannedwords/success, 2 channel parameter to index.php/dashboard/reports/logs/view, 3...

4.3CVSS6AI score0.00393EPSS

Exploits2References6Affected Software1

Cvelist•added 2015/05/15 6:0 p.m.•22 views

CVE-2015-2250

5.7AI score0.00393EPSS

Exploits2References6

NVD•added 2015/04/14 2:59 p.m.•22 views

CVE-2014-9146

Multiple cross-site scripting XSS vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the 1 view, 2 id, 3 page, or 4 app parameter to the default URI or the 5 act parameter to dapur/index.php...

4.3CVSS5.7AI score0.00434EPSS

Exploits5References1

NVD•added 2015/04/06 3:59 p.m.•11 views

CVE-2015-2165

Multiple cross-site scripting XSS vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform MSDP 4.x, 5.x, and 6.x allow remote attackers to inject arbitrary web script or HTML via the 1 portal, 2 fromDate, 3 toDate, 4 fromTime, 5 toTime, 6 kword, 7 uname, 8 pname, 9...

4.3CVSS5.8AI score0.00284EPSS

Exploits2References2

CNVD•added 2015/04/01 12:0 a.m.•1 views

WordPress duwasai flashy theme cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. duwasai flashy is one of the Chinese theme. A cross-site scripting vulnerability exists in WordPress duwasai flas...

4.3CVSS6AI score0.00437EPSS

Exploits0References1

Prion•added 2015/03/10 2:59 p.m.•9 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Ultimate PHP Board aka myUPB before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the 1 q parameter to search.php or 2 avatar parameter to profile.php...

4.3CVSS6.1AI score0.00295EPSS

Exploits3References5Affected Software1

Patchstack•added 2015/03/05 12:0 a.m.•23 views

WordPress Ninja Forms Plugin <= 2.8.8 - Multiple XSS

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "ninjaformsfield1" parameter in a ninjaformsajaxsubmit action to wp-admin/admin-ajax.php. Also, multiple cross site scripting vulnerabilities allow the administrators to inject arbitrary web script or...

4.3CVSS3.2AI score0.00198EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by