6892 matches found

Github Security Blog
added 2022/05/24 7:10 p.m. | 6 views

Liferay Portal Journal Module and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote attackers to inject arbitrary web script or HTML via the comliferayjournalwebportletJournalPortletnam...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00167
Exploits: 0 | References: 4 | Affected Software: 2
OSV
added 2022/05/24 7:9 p.m. | 2 views

GHSA-HGJV-7WJR-QWQP Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Frontend JS module

Cross-site scripting (XSS) vulnerability in the Frontend JS module before version 4.0.18, in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20 and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the title of a...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00418
Exploits: 0 | References: 5
OSV
added 2022/05/24 7:5 p.m. | 18 views

GHSA-G5M5-J48G-FR24 Moodle Cross Site Scripting (XSS)

Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00126
Exploits: 1 | References: 3
OSV
added 2022/05/24 5:45 p.m. | 8 views

GHSA-33JJ-92PX-M4G7 Craft CMS Cross-site Scripting Vulnerability

Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.00226
Exploits: 1 | References: 3
Github Security Blog
added 2022/05/24 5:45 p.m. | 12 views

Craft CMS Cross-site Scripting Vulnerability

Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new...

CVSS: 5.4 | AI score: 6.1 | EPSS: 0.00226
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2022/05/24 5:39 p.m. | 18 views

GHSA-WMH7-782F-XFW5 Gravity Forms stored Cross-Site Scripting (XSS) vulnerability

A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role Administrator, Editor, etc...

CVSS: 4.8 | AI score: 4.9 | EPSS: 0.00242
Exploits: 0 | References: 3
OSV
added 2022/05/24 5:34 p.m. | 19 views

GHSA-4M44-5J2G-XF64 Improper Neutralization of Input During Web Page Generation in CKEditor4

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.01007
Exploits: 0 | References: 8
Github Security Blog
added 2022/05/24 5:34 p.m. | 58 views

Improper Neutralization of Input During Web Page Generation in CKEditor4

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.01007
Exploits: 0 | References: 8 | Affected Software: 1
OSV
added 2022/05/24 5:7 p.m. | 5 views

GHSA-4HF3-229W-6H8R Dolibarr cross-site scripting (XSS) vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) labellibelle parameter to the /htdocs/admin/dict.php?id=3 page; the (2) nameconstname parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3)...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00542
Exploits: 1 | References: 4
CNVD
added 2022/05/19 12:0 a.m. | 20 views

IPPlan Cross-Site Scripting Vulnerability

IPPlan is a web-based multilingual TCP/IP address management (IPAM) software and tracking tool. Simplifying the management of the IP address space, IPPlan version 4.92b is vulnerable to a cross-site scripting vulnerability, which stems from a cross-site scripting (XSS) vulnerability found in...

CVSS: 3.5 | AI score: 1.4 | EPSS: 0.00143
Exploits: 1
Github Security Blog
added 2022/05/17 7:57 p.m. | 23 views

Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service...

CVSS: 9.8 | AI score: 9 | EPSS: 0.12676
Exploits: 0 | References: 14 | Affected Software: 3
OSV
added 2022/05/17 7:57 p.m. | 33 views

GHSA-9FC5-Q25C-R2WR Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability

A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service...

CVSS: 9.8 | AI score: 9 | EPSS: 0.12676
Exploits: 0 | References: 13
Github Security Blog
added 2022/05/17 5:50 a.m. | 20 views

Plone Cross-site Scripting vulnerability in PortalTransforms

Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.5 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safehtml transform...

CVSS: 4.3 | AI score: 6 | EPSS: 0.00392
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2022/05/17 5:22 a.m. | 21 views

GHSA-V358-RVXR-WFFX Silverstripe XSS Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7)...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.00295
Exploits: 1 | References: 9
Github Security Blog
added 2022/05/17 4:46 a.m. | 16 views

Review Board Cross-site scripting (XSS) vulnerability in the reviews dropdown

Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.00407
Exploits: 1 | References: 9 | Affected Software: 1
OSV
added 2022/05/17 4:46 a.m. | 14 views

GHSA-6G7X-4C7M-G63M Review Board Cross-site scripting (XSS) vulnerability in the reviews dropdown

Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name...

CVSS: 6.1 | AI score: 5.3 | EPSS: 0.00407
Exploits: 1 | References: 9
OSV
added 2022/05/17 4:45 a.m. | 6 views

GHSA-9CRX-P357-5VW8 Ajenti Cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Ajenti before 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00215
Exploits: 1 | References: 9
Github Security Blog
added 2022/05/17 4:42 a.m. | 26 views

Djblets Cross-site scripting Vulnerability

A cross-site scripting (XSS) vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.00407
Exploits: 1 | References: 10 | Affected Software: 1
OSV
added 2022/05/17 4:32 a.m. | 19 views

GHSA-HR59-35CR-QF43 Plone Cross-site scripting Vulnerability

Cross-site scripting (XSS) vulnerability in safehtml.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors...

CVSS: 6.1 | AI score: 5.1 | EPSS: 0.00152
Exploits: 0 | References: 7
Github Security Blog
added 2022/05/17 3:57 a.m. | 30 views

phpMyAdmin cross-site scripting Vulnerability via ENUM value

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search...

CVSS: 3.5 | AI score: 5.6 | EPSS: 0.00339
Exploits: 0 | References: 7 | Affected Software: 1