CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6892 matches found

Prion•added 2014/10/21 3:55 p.m.•12 views

Cross site scripting

Cross-site scripting XSS vulnerability in Webasyst Shop-Script 5.2.2.30933 allows remote attackers to inject arbitrary web script or HTML via the phone number field in a new contact to phpecom/index.php/webasyst/contacts/...

4.3CVSS6.1AI score0.01427EPSS

Exploits1References2Affected Software1

Prion•added 2014/10/21 3:55 p.m.•15 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Web UI before 2.3.4 Build 85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header...

4.3CVSS6.1AI score0.03269EPSS

Exploits6References7Affected Software1

Prion•added 2014/10/21 2:55 p.m.•14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the 1 callback parameter in a colorselector action, 2 field parameter in a dateformat action, or 3 companyname parameter in an addedit action to index.php...

4.3CVSS5.8AI score0.02081EPSS

Exploits4References6Affected Software1

Prion•added 2014/10/20 6:55 p.m.•9 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Xornic Contact Us allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 email parameter to contact.php or 3 PATHINFO to setup.php, related to the "PHPSELF" variable...

4.3CVSS6.1AI score0.01423EPSS

Exploits0References2Affected Software1

OSV•added 2014/10/20 5:55 p.m.•6 views

CVE-2014-5026

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a 1 Graph Tree Title in a delete or 2 edit action; 3 CDEF Name, 4 Data Input Method Name, or 5 Host Templates Name in a delete action; ...

7.2AI score

Exploits0References12

UbuntuCve•added 2014/10/20 5:55 p.m.•34 views

CVE-2014-5025

Cross-site scripting XSS vulnerability in datasources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the namecache parameter in a dsedit action...

3.5CVSS7.2AI score0.01778EPSS

Exploits1References2

Prion•added 2014/10/20 5:55 p.m.•12 views

Cross site scripting

Cross-site scripting XSS vulnerability in sshandler.php in the WordPress Spreadsheet wpSS plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ssid parameter...

4.3CVSS6.2AI score0.01633EPSS

Exploits1References2Affected Software1

Prion•added 2014/10/20 5:55 p.m.•21 views

Cross site scripting

3.5CVSS5.5AI score0.01914EPSS

Exploits1References8Affected Software3

AlpineLinux•added 2014/10/20 5:55 p.m.•25 views

CVE-2014-5169

Cross-site scripting XSS vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title...

3.5CVSS3AI score0.01417EPSS

Exploits0

Cvelist•added 2014/10/20 5:0 p.m.•27 views

CVE-2014-5169

5.2AI score0.01417EPSS

Exploits0References5

Cvelist•added 2014/10/20 5:0 p.m.•27 views

CVE-2014-5025

7.1AI score0.01778EPSS

Exploits1References7

NVD•added 2014/10/20 3:55 p.m.•17 views

CVE-2012-5866

Cross-site scripting XSS vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter...

4.3CVSS5.6AI score0.01201EPSS

Exploits5References4

Cvelist•added 2014/10/20 3:0 p.m.•18 views

CVE-2012-5866

Cross-site scripting XSS vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter...

5.6AI score0.01201EPSS

Exploits5References4

NVD•added 2014/10/20 2:55 p.m.•27 views

CVE-2014-6280

Multiple cross-site scripting XSS vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 action or 2 nsextt parameter to oc-admin/index.php or the 3 nsextt parameter in an itemsreported action to oc-admin/index.php...

4.3CVSS6.1AI score0.01892EPSS

Exploits2References5

CVE•added 2014/10/19 1:0 a.m.•38 views

CVE-2014-3408

Cisco Prime Optical 10’s web framework is affected by CVE-2014-3408, a reflected XSS in the web framework via an unspecified parameter (Bug ID CSCuq80763). The NVD entry lists a CVSSv2 base score of 6.8 (Network, medium complexity, no auth, partial impacts). Cisco’s advisory states that software ...

6.8CVSS5.9AI score0.01274EPSS

Exploits0References3Affected Software1

Cvelist•added 2014/10/19 1:0 a.m.•26 views

CVE-2014-5330

Cross-site scripting XSS vulnerability in BirdBlog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.7AI score0.01148EPSS

Exploits0References3

NVD•added 2014/10/17 10:55 p.m.•11 views

CVE-2014-2995

Multiple cross-site scripting XSS vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the twitgetconsumerkey parameter to...

3.5CVSS5.6AI score0.03577EPSS

Exploits1References5

Prion•added 2014/10/17 10:55 p.m.•17 views

Cross site scripting

3.5CVSS5.8AI score0.03577EPSS

Exploits1References5Affected Software1

Cvelist•added 2014/10/17 10:0 p.m.•17 views

CVE-2014-2995

5.6AI score0.03577EPSS

Exploits1References5

Prion•added 2014/10/17 3:55 p.m.•19 views

Cross site scripting

Cross-site scripting XSS vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie...

4.3CVSS6.1AI score0.01773EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by