Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6892 matches found

Veracode
Veracodeadded 2017/07/20 8:27 a.m.13 views

Arbitrary Web Script Or HTML Injection

Moodle is susceptible to arbitrary web script or HTML injection attacks. The attacks can be triggered because repository renaming setting for administrator is not filtered, allowing authenticated administrators to inject the arbitrary script through it...

3.5CVSS6.3AI score0.00961EPSS
Exploits0References6Affected Software1
Prion
Prionadded 2017/07/19 1:29 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket...

3.5CVSS5.7AI score0.00637EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2017/07/19 1:29 p.m.2 views

CVE-2016-7509

Cross-site scripting XSS vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket...

5.4CVSS5.7AI score0.00637EPSS
Exploits0References2
OpenVAS
OpenVASadded 2017/07/18 12:0 a.m.22 views

Cybozu Garoon 3.0.0 - 4.2.3 Multiple Vulnerabilities

Cybozu Garoon is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cybozu:garoon"; ifdescription...

5.4CVSS4.9AI score0.01467EPSS
Exploits0
NVD
NVDadded 2017/07/17 9:29 p.m.17 views

CVE-2017-9609

Cross-site scripting XSS vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the maplanguage parameter to backend/pages/langsettings.php...

5.4CVSS5.1AI score0.01521EPSS
Exploits2References3
Cvelist
Cvelistadded 2017/07/13 8:0 p.m.24 views

CVE-2017-1000032

Cross-Site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parentid parameter to tree.php and drpaction parameter to datasources.php...

6.7AI score0.00887EPSS
Exploits0References1
Prion
Prionadded 2017/07/13 1:29 a.m.10 views

Cross site scripting

Cross-site scripting XSS vulnerability in /application/lib/ajax/getimage.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter...

4.3CVSS6AI score0.00785EPSS
Exploits1References1
Cvelist
Cvelistadded 2017/07/13 1:0 a.m.17 views

CVE-2017-11198

Cross-site scripting XSS vulnerability in /application/lib/ajax/getimage.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter...

6.1AI score0.00785EPSS
Exploits1References1
RubySec
RubySecadded 2017/07/11 12:0 a.m.17 views

Stored XSS in "gemirro" via injection in Gemspec "homepage" value

Stored cross-site scripting XSS vulnerability in Gemirro allows attackers to inject arbitrary web script via a crafted JavaScript URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to build a gem for...

6.1CVSS1.4AI score0.00814EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2017/07/07 1:29 p.m.11 views

CVE-2017-2243

Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6AI score0.0145EPSS
Exploits0References3
Prion
Prionadded 2017/07/07 1:29 p.m.23 views

Cross site scripting

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu...

3.5CVSS5.1AI score0.00603EPSS
Exploits0References2Affected Software1
Prion
Prionadded 2017/07/07 1:29 p.m.12 views

Cross site scripting

Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.9AI score0.0145EPSS
Exploits0References3Affected Software1
Prion
Prionadded 2017/07/07 1:29 p.m.11 views

Cross site scripting

Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.01432EPSS
Exploits0References3Affected Software1
NVD
NVDadded 2017/07/07 1:29 p.m.15 views

CVE-2017-2222

Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6.1AI score0.01766EPSS
Exploits0References3
NVD
NVDadded 2017/07/07 1:29 p.m.19 views

CVE-2017-2224

Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6.1AI score0.01466EPSS
Exploits0References5
Cvelist
Cvelistadded 2017/07/07 1:0 p.m.23 views

CVE-2017-2224

Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1AI score0.01466EPSS
Exploits0References5
Prion
Prionadded 2017/07/06 2:29 p.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despit...

4.3CVSS5.8AI score0.00766EPSS
Exploits1References1Affected Software1
NVD
NVDadded 2017/07/06 2:29 p.m.12 views

CVE-2017-10975

Cross-site scripting XSS vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despit...

6.1CVSS5.9AI score0.00766EPSS
Exploits1References1
Cvelist
Cvelistadded 2017/07/06 2:0 p.m.14 views

CVE-2017-10975

Cross-site scripting XSS vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despit...

5.9AI score0.00766EPSS
Exploits1References1
NVD
NVDadded 2017/07/04 2:29 a.m.14 views

CVE-2017-9313

Multiple Cross-site scripting XSS vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to viewman.cgi, the referers parameter to changereferers.cgi, or the name parameter to saveuser.cgi. NOTE: these issues were not fixed in...

6.1CVSS6.4AI score0.0139EPSS
Exploits3References6
Rows per page
Query Builder