6892 matches found
CVE-2017-15892
Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento comkomento component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment...
CVE-2015-7324
Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento comkomento component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment...
Improper access control
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager DSM before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option...
CVE-2011-4955
Multiple cross-site scripting (XSS) vulnerabilities in uistats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php...
WordPress Concours 1.1 Cross Site Scripting
Product: WordPress Concours Plugin - https://wordpress.org/plugins/wp-concours/ Vendor: Olyos Tested version: 1.1 CVE ID: CVE-2017-17719 CVE description A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web...
WordPress Custom Map 1.1 Cross Site Scripting Vulnerability
WordPress Custom Map plugin version 1.1 suffers from a cross site scripting vulnerability. Product: Custom Map WordPress Plugin - https://wordpress.org/plugins/custom-map/ Vendor: webdesi9 Tested version: 1.1 CVE ID: CVE-2017-17744 CVE description A cross-site scripting (XSS) vulnerability in the...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cietype, (2) cieimport, (3) cieupdate, or (4) cieignore parameter to includes/admin/views/esb-cie-import-export-page.ph...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the resultmessage parameter to includes/concourspage.php...
CVE-2017-17753
Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cietype, (2) cieimport, (3) cieupdate, or (4) cieignore parameter to includes/admin/views/esb-cie-import-export-page.ph...
CVE-2017-17719
A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the resultmessage parameter to includes/concourspage.php...
CVE-2013-6465
Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs...
CVE-2017-16950
Cross-site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter...
CVE-2017-16789
Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3 before 3.2.0 Hotfix 7, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via the users management panel of the w...
Cross-Site Scripting (XSS)
dulwich is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as the service name is not properly sanitized, allowing a malicious user to inject and execute arbitrary web script...
GHSA-X7P2-X2J6-MWHR Gemirro Stored XSS in Gemspec "homepage" value
Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to bui...
Cross site scripting
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An URL Redirection attack...
CVE-2017-14186
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An URL Redirection attack...
CVE-2017-15051
Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the...