CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6892 matches found

NVD•added 2015/01/09 6:59 p.m.•13 views

CVE-2014-9498

Cross-site scripting XSS vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4 for Drupal allows remote authenticated users with the Webform: Create new content, Webform: Edit own content, or Webform: Edit any content permission to inject arbitrary web...

3.5CVSS5.3AI score0.00946EPSS

Exploits0References5

NVD•added 2015/01/09 6:59 p.m.•19 views

CVE-2014-9271

Cross-site scripting XSS vulnerability in filedownload.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extension, related to inline attachments, as demonstrated by a .swf.jpeg filename...

5.4CVSS5.1AI score0.01522EPSS

Exploits1References7

Prion•added 2015/01/09 6:59 p.m.•18 views

Cross site scripting

3.5CVSS5.7AI score0.00946EPSS

Exploits0References5Affected Software1

Prion•added 2015/01/09 6:59 p.m.•15 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Godwin's Law module before 7.x-1.1 for Drupal, when using the dblog module, allows remote authenticated users to inject arbitrary web script or HTML via a Watchdog message...

3.5CVSS5.7AI score0.00946EPSS

Exploits0References5Affected Software1

Prion•added 2015/01/09 6:59 p.m.•18 views

Cross site scripting

4.3CVSS5.6AI score0.01522EPSS

Exploits1References7Affected Software2

Cvelist•added 2015/01/09 6:0 p.m.•28 views

CVE-2014-9269

Cross-site scripting XSS vulnerability in helperapi.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie...

5.4AI score0.01985EPSS

Exploits0References6

Cvelist•added 2015/01/09 6:0 p.m.•15 views

CVE-2014-9498

5.3AI score0.00946EPSS

Exploits0References5

Prion•added 2015/01/08 8:59 p.m.•15 views

Cross site scripting

Cross-site scripting XSS vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the shortname parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for mor...

4.3CVSS5.8AI score0.01474EPSS

Exploits9References1Affected Software1

NVD•added 2015/01/07 2:59 a.m.•15 views

CVE-2014-4635

Multiple cross-site scripting XSS vulnerabilities in EMC Documentum Web Development Kit WDK before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.8AI score0.01915EPSS

Exploits0References3

Prion•added 2015/01/07 2:59 a.m.•15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in EMC Documentum Web Development Kit WDK before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.01915EPSS

Exploits0References3Affected Software1

Prion•added 2015/01/06 3:59 p.m.•18 views

Cross site scripting

Cross-site scripting XSS vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563...

4.3CVSS6.2AI score0.01362EPSS

Exploits0References2Affected Software1

UbuntuCve•added 2015/01/06 3:59 p.m.•28 views

CVE-2014-3628

Cross-site scripting XSS vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object...

4.3CVSS5.9AI score0.04702EPSS

Exploits0References4

Prion•added 2015/01/05 9:59 p.m.•20 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 gName parameter in singlepages/dashboard/users/groups/bulkupdate.php or 2 instanceid parameter in tools/dashboard/sitemapdragrequest.p...

4.3CVSS6.1AI score0.01872EPSS

Exploits1References5Affected Software2

Prion•added 2015/01/05 8:59 p.m.•14 views

Cross site scripting

Cross-site scripting XSS vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI, related to the "Web Site" input in the Profile section...

4.3CVSS6.2AI score0.01465EPSS

Exploits1References2Affected Software1

Prion•added 2015/01/05 8:59 p.m.•17 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in CMS Papoo Light 6.0.0 Rev 4701 allow remote attackers to inject arbitrary web script or HTML via the 1 author field to guestbook.php or 2 username field to account.php...

4.3CVSS6.1AI score0.03501EPSS

Exploits1References6Affected Software1

Prion•added 2015/01/03 11:59 a.m.•12 views

Cross site scripting

Cross-site scripting XSS vulnerability in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to inject arbitrary web script or HTML via a topheight cookie...

4.3CVSS6.1AI score0.00966EPSS

Exploits1References1Affected Software1

NVD•added 2015/01/02 8:59 p.m.•21 views

CVE-2014-9444

Cross-site scripting XSS vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errorsfu-disallowed-mime-type0name parameter to the default URI...

4.3CVSS5.8AI score0.06701EPSS

Exploits2References3

Prion•added 2015/01/02 8:59 p.m.•19 views

Cross site scripting

4.3CVSS6.3AI score0.06701EPSS

Exploits2References3Affected Software1

Cvelist•added 2015/01/02 8:0 p.m.•18 views

CVE-2014-9446

Multiple cross-site scripting XSS vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sortby parameter to the 1 opac parameter in opac-search.pl or 2 intranet parameter in catalogue/search.pl...

5.8AI score0.0122EPSS

Exploits1References5

Prion•added 2015/01/02 7:59 p.m.•15 views

Cross site scripting

Cross-site scripting XSS vulnerability in cgi-bin/ipinfo.cgi in IPCop aka IPCop Firewall before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING. NOTE: this can be used to bypass the cross-site request forgery CSRF protection mechanism by setting the Refere...

4.3CVSS6.5AI score0.01343EPSS

Exploits1References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by