CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6892 matches found

Prion•added 2018/05/14 1:29 p.m.•16 views

Cross site scripting

Cross-site scripting vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.3AI score0.00766EPSS

Exploits0References2Affected Software1

Cvelist•added 2018/05/14 1:0 p.m.•13 views

CVE-2018-0576

Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.4AI score0.01517EPSS

Exploits0References3

Cvelist•added 2018/05/14 1:0 p.m.•13 views

CVE-2018-0579

Cross-site scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1AI score0.01085EPSS

Exploits1References2

Cvelist•added 2018/05/14 1:0 p.m.•19 views

CVE-2018-0577

Cross-site scripting vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.4AI score0.01066EPSS

Exploits0References3

NVD•added 2018/05/10 2:29 p.m.•27 views

CVE-2018-10803

Cross-site scripting XSS vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 build 123125 allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF...

6.1CVSS6AI score0.00719EPSS

Exploits0References2

Cvelist•added 2018/05/10 2:0 p.m.•22 views

CVE-2018-10803

6AI score0.00719EPSS

Exploits0References2

Prion•added 2018/05/10 1:29 p.m.•12 views

Cross site scripting

Cross-site scripting XSS vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments...

3.5CVSS5.1AI score0.00803EPSS

Exploits0References1Affected Software1

Prion•added 2018/05/10 3:29 a.m.•16 views

Cross site scripting

Cross-site scripting XSS vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover - Audit Scripts - List Scripts - Download section...

3.5CVSS5.3AI score0.01867EPSS

Exploits5References2Affected Software1

Cvelist•added 2018/05/10 3:0 a.m.•30 views

CVE-2018-10314

5.3AI score0.01867EPSS

Exploits5References2

Prion•added 2018/05/09 1:29 p.m.•16 views

Cross site scripting

Cross-site scripting XSS vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commitmsg parameter...

3.5CVSS5.1AI score0.01029EPSS

Exploits0References1Affected Software1

Prion•added 2018/05/03 6:29 p.m.•16 views

Cross site scripting

Stored Cross-site scripting XSS vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4Windows/2.6.0Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version...

3.5CVSS5.4AI score0.00607EPSS

Exploits3References2Affected Software1

Cvelist•added 2018/04/30 5:0 p.m.•20 views

CVE-2018-10571

Multiple reflected cross-site scripting XSS vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the 1 patient parameter to interface/main/finder/findernavigation.php; 2 key parameter to interface/billing/getclaimfile.php; 3 formid or 4 formseq...

6.6AI score0.01528EPSS

Exploits0References5

Prion•added 2018/04/30 1:29 p.m.•16 views

Cross site scripting

Cross-site scripting XSS vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML...

4.3CVSS6.1AI score0.00899EPSS

Exploits0References2Affected Software1

Prion•added 2018/04/24 2:29 a.m.•15 views

Cross site scripting

A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tagpinyin parameter to the /index.php?m=tags&f=index&v=add URI...

4.3CVSS5.9AI score0.02582EPSS

Exploits5References2Affected Software1

OSV•added 2018/04/24 2:29 a.m.•14 views

CVE-2018-10311

6.1CVSS6.1AI score

Exploits0References2

Cvelist•added 2018/04/24 2:0 a.m.•28 views

CVE-2018-10311

6AI score0.02582EPSS

Exploits5References2

Prion•added 2018/04/23 6:29 p.m.•25 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in a comment on an Instagram post...

4.3CVSS6.1AI score0.00957EPSS

Exploits2References2Affected Software1

NVD•added 2018/04/23 6:29 p.m.•25 views

CVE-2018-10301

6.1CVSS6.1AI score0.00957EPSS

Exploits2References2

Prion•added 2018/04/20 9:29 p.m.•12 views

Cross site scripting

Cross-site scripting XSS vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description...

3.5CVSS5.1AI score0.02071EPSS

Exploits5References2Affected Software1

Prion•added 2018/04/19 5:29 p.m.•17 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Enhanced Image aka image2 plugin for CKEditor in versions 4.5.10 through 4.9.1; fixed in 4.9.2, as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG...

4.3CVSS6AI score0.0178EPSS

Exploits0References4Affected Software2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by