CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6892 matches found

NVD•added 2019/04/26 8:29 p.m.•14 views

CVE-2018-15582

Cross-Site Scripting XSS vulnerability in adm/smsadmin/numbookwrite.php and adm/smsadmin/numbookupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML...

6.1CVSS6AI score0.01118EPSS

Exploits0References2

Prion•added 2019/04/23 6:29 p.m.•15 views

Cross site request forgery (csrf)

The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request...

4.3CVSS6.3AI score0.01391EPSS

Exploits0References2Affected Software1

OSV•added 2019/04/20 12:29 a.m.•16 views

CVE-2019-11359

Cross-site scripting XSS vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter...

6.1CVSS5.9AI score

Exploits0References1

NVD•added 2019/04/20 12:29 a.m.•19 views

CVE-2019-11359

Cross-site scripting XSS vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter...

6.1CVSS6.1AI score0.01095EPSS

Exploits1References1

Prion•added 2019/04/09 4:29 p.m.•11 views

Cross site scripting

Cross-site scripting vulnerability in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote attackers to inject arbitrary web script in the browser of an internal user of the system by tricking them into inviting a follower on a document with a...

4.3CVSS6AI score0.01004EPSS

Exploits0References1Affected Software1

Cvelist•added 2019/04/09 3:41 p.m.•14 views

CVE-2018-15635

5.9CVSS6.1AI score0.01004EPSS

Exploits0References1

Check Point Advisories•added 2019/04/03 12:0 a.m.•2 views

Google Search Closure JavaScript Library Cross-Site Scripting

A cross-site scripting vulnerability exists in Closure JavaScript library in Google search. Successful exploitation of this vulnerability could allow remote attackers to inject arbitrary web script into the affected system...

4.6AI score

Exploits0

Cvelist•added 2019/04/01 2:28 p.m.•25 views

CVE-2018-13293

Cross-site scripting XSS vulnerability in Control Panel SSO Settings in Synology DiskStation Manager DSM before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter...

5.9CVSS5.3AI score0.00818EPSS

Exploits0References1

Cvelist•added 2019/04/01 2:24 p.m.•23 views

CVE-2017-16774

Cross-site scripting XSS vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager DSM before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter...

6.5CVSS6AI score0.00825EPSS

Exploits0References1

Prion•added 2019/03/21 4:1 p.m.•7 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in the submitticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in...

4.3CVSS6AI score0.01662EPSS

Exploits1References3Affected Software1

Cvelist•added 2019/03/12 9:0 p.m.•16 views

CVE-2019-5925

Cross-site scripting vulnerability in Dradis Community Edition Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...

5.1AI score0.00835EPSS

Exploits0References2

Prion•added 2019/03/06 4:29 p.m.•13 views

Cross site scripting

A reflected Cross-site scripting XSS vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter...

4.3CVSS6AI score0.05348EPSS

Exploits5References3Affected Software1

NVD•added 2019/03/06 4:29 p.m.•19 views

CVE-2019-9592

A reflected Cross-site scripting XSS vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter...

6.1CVSS6.1AI score0.05304EPSS

Exploits5References3

CVE•added 2019/03/06 4:0 p.m.•55 views

CVE-2019-9592

CVE-2019-9592 affects ShoreTel Connect ONSITE 19.45.1602.0 with a reflected XSS via the url parameter in the signin flow. The root cause is improper handling of the url parameter allowing arbitrary script execution in the victim’s browser. Public references consistently cite the affected version ...

6.1CVSS6AI score0.05304EPSS

Exploits5References3Affected Software1

Cvelist•added 2019/03/06 4:0 p.m.•31 views

CVE-2019-9592

A reflected Cross-site scripting XSS vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter...

6AI score0.05304EPSS

Exploits5References3

NVD•added 2019/02/22 4:29 p.m.•19 views

CVE-2019-9016

An XSS vulnerability was discovered in MOPCMS through 2018-11-30. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the formname parameter in a mod=column request, as demonstrated by the...

6.1CVSS6AI score0.01105EPSS

Exploits1References1

Check Point Advisories•added 2019/02/04 12:0 a.m.•4 views

Oracle Reports Developer Component Cross-site Scripting (CVE-2019-2413)

A cross-site scripting vulnerability exists in Oracle Reports component. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

5.8CVSS6AI score0.06466EPSS

Exploits5

Veracode•added 2019/01/15 9:7 a.m.•18 views

Cross-site Scripting (XSS)

python-django-horizon is vulnerable to cross-site scripting XSS attacks. The vulnerability exists as the Orchestration/Stack section in OpenStack Dashboard Horizon 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the descriptio...

4.3CVSS5.1AI score0.02758EPSS

Exploits1References12Affected Software1

Prion•added 2019/01/13 12:29 a.m.•16 views

Cross site scripting

Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.00952EPSS

Exploits0References2Affected Software1

Cvelist•added 2019/01/13 12:0 a.m.•19 views

CVE-2018-16206

Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1AI score0.00952EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by