CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7610 matches found

Prion•added 2023/09/27 3:19 p.m.•22 views

Cross site scripting

Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...

5.8CVSS6.4AI score0.00234EPSS

Exploits0References2Affected Software1

CNNVD•added 2023/09/27 12:0 a.m.•2 views

Subrion Cross-Site Scripting Vulnerability

Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into websites and supports a variety of extensions plug-ins and more. A cross-site scripting vulnerability exists in Subrion v4.2.1, which originates from a cross-site scripting XSS...

5.4CVSS5.8AI score0.0027EPSS

Exploits1References2

Cvelist•added 2023/09/26 8:17 a.m.•21 views

CVE-2023-43484

Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...

6.9AI score0.00234EPSS

Exploits0References2

Vulnrichment•added 2023/09/26 8:16 a.m.•7 views

CVE-2023-41962

Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page...

6.6AI score0.0032EPSS

Exploits0References2

Cvelist•added 2023/09/26 8:15 a.m.•16 views

CVE-2023-41233

Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script...

6.9AI score0.00235EPSS

Exploits0References2

OSV•added 2023/09/25 7:15 p.m.•6 views

CVE-2023-43319

Cross Site Scripting XSS vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

6.1CVSS6AI score0.00335EPSS

Exploits0References1

CNNVD•added 2023/09/19 12:0 a.m.•3 views

WordPress plugin Leyka 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS5.9AI score0.00196EPSS

Exploits2References2

NVD•added 2023/09/16 1:15 a.m.•11 views

CVE-2023-39777

A cross-site scripting XSS vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter...

5.4CVSS5.4AI score0.00143EPSS

Exploits1References1

CNNVD•added 2023/09/14 12:0 a.m.•2 views

Webmin Cross-Site Scripting Vulnerability

Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. A security vulnerability exists in Webmin version v2.100. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected...

5.4CVSS6.7AI score0.00255EPSS

Exploits1References4

Prion•added 2023/09/13 7:15 p.m.•21 views

Cross site scripting

A stored Cross-site Scripting XSS vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code...

4.9CVSS5.5AI score0.00139EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2023/09/13 6:22 p.m.•12 views

CVE-2023-3588 Stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x

A stored Cross-site Scripting XSS vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code...

5.4CVSS6.2AI score0.00139EPSS

Exploits0References1

Cvelist•added 2023/09/13 6:22 p.m.•17 views

CVE-2023-3588 Stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x

A stored Cross-site Scripting XSS vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code...

5.4CVSS5.6AI score0.00139EPSS

Exploits0References1

CNNVD•added 2023/09/12 12:0 a.m.•2 views

SAP NetWeaver AS 跨站脚本漏洞

SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. SAP NetWeaver AS ABAP cross-site scripting vulnerability, the vulnerability stems from the lack of effective filtering and escaping of user-supplied...

5.5CVSS6.4AI score0.00137EPSS

Exploits0References4

Positive Technologies•added 2023/09/11 12:0 a.m.•4 views

PT-2023-27988 · Unknown · Dairy Farm Shop Management System Using Php/Mysql

Name of the Vulnerable Software and Affected Versions: Dairy Farm Shop Management System Using PHP and MySQL version 1.1 Description: The issue allows attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters. This enables t...

5.4CVSS6AI score0.00452EPSS

Exploits0References8

Zero Day Initiative•added 2023/09/08 12:0 a.m.•19 views

Visualware MyConnection Server doRTAAccessCTConfig Cross-Site Scripting Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Visualware MyConnection Server. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the doRTAAccessCTConfig method. The issue results from the lack of...

8.8CVSS7.4AI score0.0037EPSS

Exploits0References1

Prion•added 2023/09/06 8:15 p.m.•18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters...

5.8CVSS6AI score0.00227EPSS

Exploits1References2Affected Software1

OSV•added 2023/09/06 1:15 p.m.•2 views

CVE-2023-41150

F-RevoCRM 7.3 series prior to version7.3.8 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product...

5.4CVSS5.8AI score0.00319EPSS

Exploits0References2

Cvelist•added 2023/09/06 12:35 p.m.•16 views

CVE-2023-41150

6.5AI score0.00319EPSS

Exploits0References2

Positive Technologies•added 2023/09/06 12:0 a.m.•3 views

PT-2023-27994 · Csz Cms · Csz Cms

Name of the Vulnerable Software and Affected Versions: CSZ CMS version 1.3.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters in the install/index.php file. This enables the...

6.1CVSS6.8AI score0.00227EPSS

Exploits1References5

OSV•added 2023/09/05 10:15 a.m.•12 views

CVE-2023-36492

Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product...

6.1CVSS6.8AI score

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by