CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6892 matches found

Cvelist•added 2015/03/23 4:0 p.m.•21 views

CVE-2015-2678

Multiple cross-site scripting XSS vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 cat parameter in the categories page to gxadmin/index.php or 2 page parameter to index.php...

5.8AI score0.05396EPSS

Exploits2References8

Cvelist•added 2015/03/23 4:0 p.m.•20 views

CVE-2015-2289

Cross-site scripting XSS vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipitycatname parameter to serendipityadmin.php, when creating a new category...

5.3AI score0.01654EPSS

Exploits1References6

Cvelist•added 2015/03/23 4:0 p.m.•24 views

CVE-2015-2677

Multiple cross-site scripting XSS vulnerabilities in ocPortal before 9.0.17 allow remote authenticated users to inject arbitrary web script or HTML via the 1 title or 2 text field in the cmscalendar page to cms/index.php; unspecified fields in 3 the cmspolls page to cms/index.php or 4 a new topic...

5.4AI score0.01519EPSS

Exploits1References5

Kaspersky•added 2015/03/23 12:0 a.m.•51 views

KLA10488 Code injection vulnerabilities in IBM BPM

An unspecified vulnerabilities were found in IBM BPM. By exploiting these vulnerabilities malicious users inject arbitrary web script. This vulnerability can be exploited remotely via a specially designed URL or vectors related to data fields. Original advisories - Related products...

4.3CVSS6.7AI score0.01755EPSS

Exploits0References2

Prion•added 2015/03/20 1:59 a.m.•21 views

Cross site scripting

Cross-site scripting XSS vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq66737...

4.3CVSS6.2AI score0.0095EPSS

Exploits0References2Affected Software1

Cvelist•added 2015/03/20 1:0 a.m.•22 views

CVE-2015-0668

5.7AI score0.0095EPSS

Exploits0References2

Cvelist•added 2015/03/19 2:0 p.m.•17 views

CVE-2015-2351

Multiple cross-site scripting XSS vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/helphead.jsp, 2 workplaceresource parameter to...

5.8AI score0.01906EPSS

Exploits1References5

Prion•added 2015/03/18 11:59 p.m.•11 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in eXtplorer before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.0121EPSS

Exploits0References3Affected Software1

NVD•added 2015/03/18 2:59 p.m.•17 views

CVE-2015-2149

Multiple cross-site scripting XSS vulnerabilities in the administrative backend in MyBB aka MyBulletinBoard before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the 1 MIME-type field in an add action in the config-attachmenttypes module to admin/index.php; 2...

3.5CVSS5.4AI score0.01641EPSS

Exploits1References7

NVD•added 2015/03/13 1:59 a.m.•19 views

CVE-2015-0122

Cross-site scripting XSS vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0123...

3.5CVSS5AI score0.01402EPSS

Exploits0References3

Prion•added 2015/03/12 5:59 p.m.•10 views

Cross site scripting

Cross-site scripting XSS vulnerability in WoltLab Community Gallery 2.0 before 2014-12-26 allows remote attackers to inject arbitrary web script or HTML via the parametersdata7title parameter in a saveImageData action to index.php/AJAXProxy...

4.3CVSS6.1AI score0.0369EPSS

Exploits4References7Affected Software1

CVE•added 2015/03/12 5:0 p.m.•53 views

CVE-2015-2275

WoltLab Community Gallery 2.0 (pre-12/26/2014) is affected by a stored XSS via parameters[data][7][title] in the saveImageData action to index.php/AJAXProxy. The vulnerability enables arbitrary script/HTML injection and is documented with a PoC and public references. Fixed in Community Gallery 2....

4.3CVSS5.7AI score0.0369EPSS

Exploits4References7Affected Software1

NVD•added 2015/03/12 10:59 a.m.•29 views

CVE-2015-0521

Cross-site scripting XSS vulnerability in EMC RSA Certificate Manager RCM before 6.9 build 558 and RSA Registration Manager RRM before 6.9 build 558 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the CMP shared secret parameter...

3.5CVSS5.2AI score0.00938EPSS

Exploits0References3

Prion•added 2015/03/12 10:59 a.m.•23 views

Cross site scripting

3.5CVSS5.6AI score0.00938EPSS

Exploits0References3Affected Software2

Prion•added 2015/03/12 10:59 a.m.•27 views

Cross site scripting

Cross-site scripting XSS vulnerability in EMC RSA Certificate Manager RCM before 6.9 build 558 and RSA Registration Manager RRM before 6.9 build 558 allows remote attackers to inject arbitrary web script or HTML via vectors related to the email address parameter...

4.3CVSS6.1AI score0.01187EPSS

Exploits0References3Affected Software2

Prion•added 2015/03/11 10:59 a.m.•20 views

Cross site scripting

Cross-site scripting XSS vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."...

3.5CVSS4.9AI score0.06875EPSS

Exploits0References2Affected Software2

Prion•added 2015/03/11 10:59 a.m.•21 views

Cross site scripting

Cross-site scripting XSS vulnerability in Outlook Web App OWA in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cross...

4.3CVSS5.5AI score0.08876EPSS

Exploits0References2Affected Software1

Kaspersky•added 2015/03/10 12:0 a.m.•75 views

KLA10591 Code injection in Microsoft Exchange Server

Multiple XSS vulnerabilities were found in Microsoft Exchange Server. By exploiting these vulnerabilities malicious users can inject arbitrary web script or spoof user interface. These vulnerabilities can be exploited remotely via a specially designed URL, msgParam or other unknown vectors...

5CVSS6.1AI score0.11786EPSS

Exploits0References8

Prion•added 2015/03/09 5:59 p.m.•11 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Webshop hun 1.062S allow remote attackers to inject arbitrary web script or HTML via the 1 param, 2 center, 3 lap, 4 termid, or 5 nyelvid parameter to index.php...

4.3CVSS6AI score0.01927EPSS

Exploits0References3Affected Software1

NVD•added 2015/03/05 4:59 p.m.•17 views

CVE-2015-2218

Multiple cross-site scripting XSS vulnerabilities in the wpajaxsaveitem function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 itemname or 2 itemcustomcss parameter in a...

4.3CVSS5.9AI score0.04186EPSS

Exploits1References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by