CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6892 matches found

Prion•added 2014/10/17 2:55 p.m.•12 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name text...

3.5CVSS5.7AI score0.01046EPSS

Exploits0References6Affected Software1

Prion•added 2014/10/17 2:55 p.m.•14 views

Cross site scripting

Cross-site scripting XSS vulnerability in the easysocialadminsummary function in the Easy Social module 7.x-2.x before 7.x-2.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a block title...

3.5CVSS5.7AI score0.01046EPSS

Exploits0References6Affected Software1

NVD•added 2014/10/16 7:55 p.m.•10 views

CVE-2014-8304

Cross-site scripting XSS vulnerability in In-Portal CMS 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the nexttemplate parameter to admin/index.php...

4.3CVSS5.7AI score0.00931EPSS

Exploits0References2

Prion•added 2014/10/16 7:55 p.m.•22 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to 1 epm/admin/DataGen.xsjs or 2 epm/services/multiply.xsjs in the democontent...

4.3CVSS6AI score0.02227EPSS

Exploits0References8

Prion•added 2014/10/16 7:55 p.m.•22 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 path parameter in the "drop down TOP menu with path" section or 2 printthispage variable in the footercontentbloc...

4.3CVSS6.1AI score0.01489EPSS

Exploits1References2Affected Software1

Prion•added 2014/10/16 7:55 p.m.•20 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation pa...

4.3CVSS6.2AI score0.02053EPSS

Exploits3References4Affected Software1

Cvelist•added 2014/10/16 7:0 p.m.•23 views

CVE-2014-8307

5.8AI score0.01489EPSS

Exploits1References2

Cvelist•added 2014/10/16 7:0 p.m.•53 views

CVE-2014-7181

5.7AI score0.02053EPSS

Exploits3References4

Cvelist•added 2014/10/16 7:0 p.m.•40 views

CVE-2014-7138

Cross-site scripting XSS vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gcefeedids parameter in a gceajax action to wp-admin/admin-ajax.php...

5.7AI score0.02388EPSS

Exploits3References7

Cvelist•added 2014/10/16 2:0 p.m.•18 views

CVE-2014-8296

Cross-site scripting XSS vulnerability in the Modal Frame API module 6.x-1.x before 6.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.7AI score0.01792EPSS

Exploits0References4

NVD•added 2014/10/15 2:55 p.m.•14 views

CVE-2014-8293

Cross-site scripting XSS vulnerability in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the AMGsignintopic parameter to index.php...

4.3CVSS5.7AI score0.00988EPSS

Exploits0References1

NVD•added 2014/10/15 2:55 p.m.•23 views

CVE-2014-3681

Cross-site scripting XSS vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.5AI score0.02132EPSS

Exploits0References4

Prion•added 2014/10/15 2:55 p.m.•10 views

Cross site scripting

Cross-site scripting XSS vulnerability in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the AMGsignintopic parameter to index.php...

4.3CVSS6.2AI score0.00988EPSS

Exploits0References1Affected Software1

Prion•added 2014/10/15 10:55 a.m.•22 views

Cross site scripting

Cross-site scripting XSS vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.02732EPSS

Exploits0References2Affected Software1

NVD•added 2014/10/14 2:55 p.m.•15 views

CVE-2014-6313

Cross-site scripting XSS vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php...

4.3CVSS5.8AI score0.02023EPSS

Exploits1References4

Prion•added 2014/10/14 2:55 p.m.•21 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Project Issue File Review module PIFR module 6.x-2.x before 6.x-2.17 for Drupal allow 1 remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR client to test the patch and return the results to th...

4.3CVSS5.6AI score0.01161EPSS

Exploits0References4Affected Software1

Prion•added 2014/10/13 6:55 p.m.•18 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary label...

3.5CVSS5.7AI score0.01046EPSS

Exploits0References6Affected Software1

Prion•added 2014/10/13 6:55 p.m.•16 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject arbitrary web script or HTML via an image title...

3.5CVSS5.7AI score0.01417EPSS

Exploits0References5Affected Software1

Cvelist•added 2014/10/13 6:0 p.m.•30 views

CVE-2014-8746

Cross-site scripting XSS vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings...

5.2AI score0.00946EPSS

Exploits0References4

NVD•added 2014/10/10 2:55 p.m.•16 views

CVE-2014-7139

Multiple cross-site scripting XSS vulnerabilities in the Contact Form DB aka CFDB and contact-form-7-to-database-extension plugin before 2.8.16 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 form or 2 enc parameter in the CF7DBPluginShortCodeBuilder page to...

4.3CVSS5.8AI score0.02041EPSS

Exploits3References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by