CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6892 matches found

Prion•added 2020/01/06 8:15 p.m.•15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 gfm codeblocks language or 2 javascript url's...

4.3CVSS6AI score0.01715EPSS

Exploits0References4Affected Software1

NVD•added 2020/01/06 7:15 p.m.•26 views

CVE-2015-4039

Multiple cross-site scripting XSS vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified 1 profile fields or 2 new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmatio...

5.4CVSS5.2AI score0.02793EPSS

Exploits2References4

Prion•added 2020/01/06 7:15 p.m.•21 views

Cross site scripting

3.5CVSS5.6AI score0.08311EPSS

Exploits5References4Affected Software1

Prion•added 2020/01/06 6:15 a.m.•16 views

Cross site scripting

DOM-based cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Analysis Object Page...

4.3CVSS6.4AI score0.00797EPSS

Exploits1References2Affected Software1

Prion•added 2020/01/06 6:15 a.m.•17 views

Cross site scripting

Stored cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Management Page...

4.3CVSS6.3AI score0.00797EPSS

Exploits1References2Affected Software1

Cvelist•added 2020/01/03 7:40 p.m.•16 views

CVE-2014-4196

Cross-site scripting XSS vulnerability in bsi.dll in Bank Soft Systems BSS RBS BS-Client 3.17.9 allows remote attackers to inject arbitrary web script or HTML via the colorstyle parameter...

6.1AI score0.00806EPSS

Exploits1References1

NVD•added 2020/01/03 5:15 p.m.•27 views

CVE-2012-4451

Multiple cross-site scripting XSS vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to 1 Debug, 2 Feed\PubSubHubbub, 3 Log\Formatter\Xml, 4 Tag\Cloud\Decorator, 5 Uri, 6 View\Helper\HeadStyle, 7...

6.1CVSS6.1AI score0.01367EPSS

Exploits0References8

CVE•added 2020/01/03 4:3 p.m.•126 views

CVE-2012-4451

Zend Framework 2.0.x (before 2.0.1) contains multiple XSS vulnerabilities related to Escaper, exploitable via input to components such as Debug, Feed\PubSubHubbub, Log\Formatter\Xml, Tag\Cloud\Decorator, Uri, View\Helper\HeadStyle, View\Helper\Navigation\Sitemap, and View\Helper\Placeholder\Conta...

6.1CVSS6AI score0.01367EPSS

Exploits0References8Affected Software1

Prion•added 2020/01/02 9:15 p.m.•20 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 id parameter to backup-edit.php; 2 title or 3 menu parameter to edit.php; or 4 path or 5 returnid parameter to filebrowser.php in admin/. NOTE: t...

4.3CVSS5.8AI score0.01432EPSS

Exploits9References3Affected Software1

Prion•added 2020/01/02 8:15 p.m.•16 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Jomres comjomres component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via the propertyname parameter, related to editing property details...

3.5CVSS5.7AI score0.00971EPSS

Exploits1References3Affected Software1

Prion•added 2020/01/02 8:15 p.m.•9 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the 1 showRSS, 2 showATOM, or 3 showDailyRSS function; a 4 file name to the importFile function; or 5 vectors related to bookmarks...

4.3CVSS6AI score0.02212EPSS

Exploits1References5

NVD•added 2020/01/02 7:15 p.m.•14 views

CVE-2014-4553

Cross-site Scripting XSS in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress allows remote attackers to execute arbitrary web script or HTML via unspecified parameters...

6.1CVSS6.3AI score0.01163EPSS

Exploits1References1

Prion•added 2020/01/02 7:15 p.m.•14 views

Cross site scripting

Cross-site Scripting XSS in the spreadshirt-rss-3d-cube-flash-gallery plugin 2014 for WordPress allows remote attackers to execute arbitrary web script or HTML via unspecified parameters...

4.3CVSS6.7AI score0.01163EPSS

Exploits1References1Affected Software1

Prion•added 2020/01/02 7:15 p.m.•17 views

Cross site scripting

Cross-site scripting XSS vulnerability in the frontend in Open-Xchange OX AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and th...

4.3CVSS6.2AI score0.01626EPSS

Exploits0References5Affected Software1

Prion•added 2020/01/02 7:15 p.m.•15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the 1 browseridmanager or 2...

4.3CVSS6.1AI score0.01395EPSS

Exploits0References6Affected Software1

Prion•added 2020/01/02 7:15 p.m.•19 views

Cross site scripting

Cross-site scripting XSS vulnerability in the backend in Open-Xchange OX AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects...

4.3CVSS6AI score0.01626EPSS

Exploits0References5Affected Software1

Cvelist•added 2020/01/02 6:5 p.m.•30 views

CVE-2013-6242

6.3AI score0.01626EPSS

Exploits0References5

Prion•added 2019/12/27 8:15 p.m.•18 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php...

4.3CVSS6.3AI score0.03983EPSS

Exploits2References1Affected Software1

NVD•added 2019/12/27 7:15 p.m.•16 views

CVE-2014-4544

Cross-site scripting XSS vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php...

6.1CVSS6.2AI score0.03779EPSS

Exploits1References1

Prion•added 2019/12/27 7:15 p.m.•9 views

Cross site scripting

Cross-site scripting XSS vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the apiurl parameter...

4.3CVSS6.3AI score0.04055EPSS

Exploits2References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by