CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6892 matches found

Prion•added 2014/03/09 1:16 p.m.•15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Thank You Counter Button plugin 1.8.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 thankscaption, 2 thankscaptionstyle, or 3 thanksstyle parameter to wp-admin/options.php...

4.3CVSS6.2AI score0.02041EPSS

Exploits1References3Affected Software1

Prion•added 2014/03/09 1:16 p.m.•11 views

Cross site scripting

Cross-site scripting XSS vulnerability in the administration page in Airvana HubBub C1-600-RT and Sprint AIRAVE 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.01254EPSS

Exploits0References5Affected Software1

Prion•added 2014/03/09 1:16 p.m.•22 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the SFR Box router with firmware NB6-MAIN-R3.3.4 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 dns, 2 dhcp, 3 nat, 4 route, or 5 lan in network/; or 6 wifi/config...

4.3CVSS6.1AI score0.00931EPSS

Exploits1References2Affected Software1

UbuntuCve•added 2014/03/09 1:16 p.m.•21 views

CVE-2013-1890

Multiple cross-site scripting XSS vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the 1 newname parameter to apps/bookmarks/ajax/renameTag.php or 2 multiple unspecified parameters to unknown files in apps/contacts/ajax/...

4.3CVSS5.9AI score0.01187EPSS

Exploits0References3

Cvelist•added 2014/03/07 8:0 p.m.•20 views

CVE-2013-2270

5.7AI score0.01254EPSS

Exploits0References5

NVD•added 2014/03/06 3:55 p.m.•24 views

CVE-2014-1906

Multiple cross-site scripting XSS vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 m parameter to lbstatus.php; 2 msg parameter to vcchatlog.php; n parameter to 3 channel.php, ...

4.3CVSS6.2AI score0.04509EPSS

Exploits6References3

Prion•added 2014/03/06 3:55 p.m.•19 views

Cross site scripting

4.3CVSS6.1AI score0.04509EPSS

Exploits6References3Affected Software1

Cvelist•added 2014/03/06 11:0 a.m.•18 views

CVE-2013-6314

Cross-site scripting XSS vulnerability in IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

5.1AI score0.00936EPSS

Exploits1References3

Prion•added 2014/03/05 11:55 a.m.•29 views

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML...

3.5CVSS5.3AI score0.00765EPSS

Exploits1References2Affected Software1

Cvelist•added 2014/03/05 11:0 a.m.•29 views

CVE-2013-6320

5AI score0.00765EPSS

Exploits1References2

Cvelist•added 2014/03/05 11:0 a.m.•24 views

CVE-2013-6318

Cross-site scripting XSS vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote attackers to inject arbitrary web script or HTML via...

5.6AI score0.00939EPSS

Exploits1References2

NVD•added 2014/03/03 6:55 p.m.•15 views

CVE-2014-2040

Multiple cross-site scripting XSS vulnerabilities in the 1 callbackmulticheck, 2 callbackradio, and 3 callbackwysiwygin functions in mfrhclass.settings-api.php in the Media File Renamer plugin 1.7.0 for WordPress allow remote authenticated users with permissions to add media or edit media to inje...

2.1CVSS5.5AI score0.01593EPSS

Exploits3References3

CVE•added 2014/03/03 6:0 p.m.•53 views

CVE-2014-2040

CVE-2014-2040 corresponds to multiple stored XSS vulnerabilities in the WordPress Media File Renamer plugin (v1.7.0). The issues affect the plugin’s settings API callbacks (callback_multicheck, callback_radio, callback_wysiwygin) in mfrh_class.settings-api.php, allowing remote authenticated users...

2.1CVSS5.5AI score0.01593EPSS

Exploits3References3Affected Software1

Cvelist•added 2014/03/03 4:0 p.m.•45 views

CVE-2013-1409

Cross-site scripting XSS vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ajaxnonce parameter to wp-admin/admin-ajax.php...

5.7AI score0.04546EPSS

Exploits3References5

Check Point Advisories•added 2014/03/03 12:0 a.m.•1 views

Internet Explorer Navigation Cancel Page XSS - Ver2 (CVE-2007-1499)

A cross-site scripting vulnerability has been reported in Microsoft Internet Explorer. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

4.3CVSS5.7AI score0.2978EPSS

Exploits1

Prion•added 2014/03/02 5:55 p.m.•21 views

Cross site scripting

Cross-site scripting XSS vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers to inject arbitrary web script or HTML via the action parameter, a different issue than CVE-2014-0334. NOTE: the original disclosure also reported issues that...

4.3CVSS6.1AI score0.0152EPSS

Exploits4References2Affected Software1

Prion•added 2014/03/02 5:55 p.m.•20 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via 1 the group parameter to admin/addgroup.php, 2 the htmlblob parameter to admin/addhtmlblob.php, the 3 title or 4 url parameter to admin/addbookmark.php,...

3.5CVSS5.5AI score0.0152EPSS

Exploits4References2

Prion•added 2014/03/02 4:57 a.m.•18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Business Voice Services Manager BVSM page in Cisco Unified Communications Domain Manager 9.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and...

4.3CVSS6.1AI score0.01158EPSS

Exploits1References3Affected Software1

NVD•added 2014/03/01 12:1 a.m.•13 views

CVE-2014-2080

Cross-site scripting XSS vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter...

4.3CVSS5.6AI score0.01899EPSS

Exploits1References5

Cvelist•added 2014/02/28 5:0 p.m.•25 views

CVE-2014-2080

Cross-site scripting XSS vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter...

5.6AI score0.01899EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by