CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6892 matches found

Cvelist•added 2017/11/27 7:0 p.m.•31 views

CVE-2017-15051

Multiple stored cross-site scripting XSS vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the 1 URL value of an item or 2 user log history. To exploit the vulnerability, the attacker must be first authenticated to the...

5.6AI score0.00955EPSS

Exploits1References2

Prion•added 2017/11/22 5:29 p.m.•16 views

Cross site scripting

A stored Cross-site Scripting XSS vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import...

3.5CVSS5.2AI score0.00331EPSS

Exploits0References2Affected Software1

Cvelist•added 2017/11/22 5:0 p.m.•28 views

CVE-2017-7736

5.2AI score0.00331EPSS

Exploits0References2

OpenVAS•added 2017/11/21 12:0 a.m.•24 views

Octopus Deploy XSS Vulnerability

Cross-site scripting XSS vulnerability in the All Variables tab in Octopus Deploy allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and...

5.4CVSS5.4AI score0.00779EPSS

Exploits1References1

Prion•added 2017/11/14 5:29 p.m.•14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Kodak InSite 6.5 to 8.0 allow remote attackers to inject arbitrary web script via the 1 "paramFile" parameter to /Site/Troubleshooting/DiagnosticReport.asp, or 2 "paramFile" parameter to /Site/Troubleshooting/SpeedTest.asp...

4.3CVSS6.1AI score0.00888EPSS

Exploits1References1Affected Software1

Cvelist•added 2017/11/14 5:0 p.m.•13 views

CVE-2017-9085

6.2AI score0.00888EPSS

Exploits1References1

NVD•added 2017/11/14 3:29 a.m.•14 views

CVE-2017-16810

Cross-site scripting XSS vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 fixed in 3.13.7 allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter...

5.4CVSS5.4AI score0.00779EPSS

Exploits1References1

Prion•added 2017/11/13 2:29 p.m.•14 views

Cross site scripting

A reflected Cross-site Scripting XSS vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously craft...

4.3CVSS6AI score0.01076EPSS

Exploits0References3Affected Software1

Prion•added 2017/11/13 9:29 a.m.•14 views

Cross site scripting

Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...

4.3CVSS5.8AI score0.01084EPSS

Exploits0References3Affected Software1

NVD•added 2017/11/13 9:29 a.m.•15 views

CVE-2017-16801

Cross-site scripting XSS vulnerability in Octopus Deploy 3.7.0-3.17.13 fixed in 3.17.14 allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter...

5.4CVSS5.1AI score0.00767EPSS

Exploits0References1

NVD•added 2017/11/10 2:29 a.m.•15 views

CVE-2017-16567

Persistent Cross-Site Scripting XSS vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malicious JavaScript payloads, which are executed when users access the affected functionality...

5.4CVSS5.3AI score0.02239EPSS

Exploits3References1

NVD•added 2017/11/10 2:29 a.m.•20 views

CVE-2017-16568

Persistent Cross-Site Scripting XSS vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, which become permanently stored on the server and execute when a user plays the compromised radio...

5.4CVSS5.3AI score0.01985EPSS

Exploits2References1

Prion•added 2017/11/10 2:29 a.m.•11 views

Cross site scripting

Cross-site scripting XSS vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL...

3.5CVSS5.3AI score0.01985EPSS

Exploits2References1Affected Software1

Prion•added 2017/11/10 2:29 a.m.•10 views

Cross site scripting

Cross-site scripting XSS vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite."...

3.5CVSS5.3AI score0.02239EPSS

Exploits3References1Affected Software1

RubySec•added 2017/11/10 12:0 a.m.•16 views

Stored XSS in "geminabox" via injection in Gemspec "homepage" value

Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box allows attackers to inject arbitrary web script via a crafted JavaScript URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to...

6.1CVSS1.1AI score0.01084EPSS

Exploits0References1Affected Software1

Cvelist•added 2017/11/09 7:0 p.m.•33 views

CVE-2017-16568

5.3AI score0.01985EPSS

Exploits2References1

Prion•added 2017/11/06 5:29 p.m.•7 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names...

3.5CVSS5.7AI score0.00609EPSS

Exploits0References1Affected Software1

Prion•added 2017/10/30 4:29 p.m.•10 views

Cross site scripting

Cross-site scripting XSS vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp...

4.3CVSS6.2AI score0.04221EPSS

Exploits0References3Affected Software1

OSV•added 2017/10/26 8:29 p.m.•9 views

CVE-2012-4377

Cross-site scripting XSS vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image...

6.1CVSS6AI score

Exploits0References14

Debian CVE•added 2017/10/26 8:0 p.m.•19 views

CVE-2012-4377

Cross-site scripting XSS vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image...

6.1CVSS6.1AI score0.01562EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by