CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6892 matches found

NVD•added 2014/04/25 5:12 p.m.•12 views

CVE-2013-4722

Multiple cross-site scripting XSS vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the 1 username, 2 url, 3 qstr parameter...

4.3CVSS5.8AI score0.01854EPSS

Exploits3References3

Prion•added 2014/04/25 5:12 p.m.•19 views

Cross site scripting

Cross-site scripting XSS vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.01925EPSS

Exploits1References5Affected Software1

Cvelist•added 2014/04/25 10:0 a.m.•26 views

CVE-2014-2729

Cross-site scripting XSS vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option...

5.2AI score0.00972EPSS

Exploits3References3

Prion•added 2014/04/24 5:6 a.m.•22 views

Cross site scripting

Cross-site scripting XSS vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment...

4.3CVSS6.1AI score0.00942EPSS

Exploits1References1Affected Software1

Patchstack•added 2014/04/24 12:0 a.m.•16 views

WordPress Twitget Plugin <= 3.3.2 - Multiple XSS

Because of these vulnerabilities in twitget.php, authenticated administrators can inject arbitrary web script or HTML via unspecified vectors. Solution Update the plugin...

3.5CVSS2.2AI score0.03577EPSS

Exploits1References1Affected Software1

NVD•added 2014/04/23 11:52 a.m.•16 views

CVE-2014-1648

Cross-site scripting XSS vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter...

4.3CVSS5.6AI score0.02071EPSS

Exploits2References4

Prion•added 2014/04/23 11:52 a.m.•18 views

Cross site scripting

4.3CVSS6.1AI score0.02071EPSS

Exploits2References4Affected Software1

Prion•added 2014/04/22 2:23 p.m.•11 views

Cross site scripting

Cross-site scripting XSS vulnerability in the wraphtml function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openiderror parameter to MyID.config.php when the openid.mode parameter is set to error, which is not properly handled in an error...

4.3CVSS6.2AI score0.01193EPSS

Exploits1References3Affected Software1

Cvelist•added 2014/04/22 2:0 p.m.•18 views

CVE-2013-2105

The Show In Browser showinbrowser gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html...

6.1AI score0.00391EPSS

Exploits1References3

Cvelist•added 2014/04/22 2:0 p.m.•27 views

CVE-2013-2187

Cross-site scripting XSS vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page...

5.7AI score0.05484EPSS

Exploits0References4

NVD•added 2014/04/18 2:55 p.m.•13 views

CVE-2014-2856

Cross-site scripting XSS vulnerability in scheduler/client.c in Common Unix Printing System CUPS before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the ispathabsolute function...

4.3CVSS7.2AI score0.01626EPSS

Exploits0References10

Debian CVE•added 2014/04/18 2:0 p.m.•22 views

CVE-2014-2856

4.3CVSS7AI score0.01626EPSS

Exploits0

Prion•added 2014/04/17 2:55 p.m.•12 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via 1 the uploadPatch parameter to the System/Advanced page settingsadvanced.html or 2 the uploadLicenses parameter...

4.3CVSS5.7AI score0.04847EPSS

Exploits3References6Affected Software1

Cvelist•added 2014/04/17 2:0 p.m.•19 views

CVE-2014-2879

5.5AI score0.04847EPSS

Exploits3References6

Cvelist•added 2014/04/16 6:0 p.m.•23 views

CVE-2011-4193

Cross-site scripting XSS vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to cloning...

5.7AI score0.00942EPSS

Exploits0References1

Cvelist•added 2014/04/15 5:0 p.m.•29 views

CVE-2013-7368

Multiple cross-site scripting XSS vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnewtemplate parameter to 1 users/profile.php, 2 articles/index.php, or 3 admin/polls.php; 4 categoryid parameter to news/submit.php; newsid parameter to 5...

5.8AI score0.03217EPSS

Exploits1References4

Prion•added 2014/04/15 2:55 p.m.•17 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard aka Horizon 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template...

4.3CVSS6AI score0.01206EPSS

Exploits1References4Affected Software2

Prion•added 2014/04/15 10:55 a.m.•11 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to 1 templatesinternal/pages.tpl, 2 templatesinternal/home.tpl, or 3 templatesinternal/entries.tpl; 4 an event field to objects.php;...

3.5CVSS5.6AI score0.01894EPSS

Exploits2References6Affected Software1

Prion•added 2014/04/14 3:9 p.m.•20 views

Cross site scripting

Cross-site scripting XSS vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web...

4.3CVSS6.2AI score0.01788EPSS

Exploits1References3Affected Software1

Prion•added 2014/04/11 3:55 p.m.•10 views

Cross site scripting

Cross-site scripting XSS vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1...

4.3CVSS6.1AI score0.01983EPSS

Exploits0References6Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by