CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6892 matches found

Prion•added 2022/04/19 1:15 p.m.•16 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of a asset category...

3.5CVSS5.4AI score0.00167EPSS

Exploits0References2Affected Software2

Prion•added 2022/04/15 4:15 p.m.•20 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to 1 Forms module's form builder, or 2 App Builder module's object form...

4.3CVSS6AI score0.00257EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/04/15 4:1 p.m.•13 views

CVE-2022-27258

Multiple Cross-Site Scripting XSS vulnerabilities in Hubzilla 7.0.3 and earlier allows remote attacker to include arbitrary web script or HTML via the rpath parameter...

6.2AI score0.00307EPSS

Exploits0References2

Vulnrichment•added 2022/04/14 8:5 p.m.•5 views

CVE-2020-25158 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

A reflected cross-site scripting XSS vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to inject arbitrary web script or HTML into various locations...

7.6CVSS5.6AI score0.00166EPSS

Exploits0References2

Prion•added 2022/04/06 2:15 a.m.•14 views

Cross site scripting

A stored cross-site scripting XSS vulnerability was identified in Apperta Foundation OpenEyes 3.5.1. Updating a patient's details allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter. This JavaScript then executes when the patient profile is loaded, which coul...

3.5CVSS5.1AI score0.01908EPSS

Exploits1References2Affected Software1

Check Point Advisories•added 2022/04/05 12:0 a.m.•3 views

D-Link DSL-2760U Gateway Cross Site Scripting (CVE-2013-5223)

A cross-site scripting vulnerability exists in D-Link DSL-2760U Gateway. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

3.5CVSS5.1AI score0.30076EPSS

Exploits3

CNVD•added 2022/03/25 12:0 a.m.•22 views

Synology DiskStation Manager Injection Vulnerability (CNVD-2022-67835)

Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. An injection vulnerability exists in Synology DiskStation Manager, which...

6.5CVSS6AI score0.00207EPSS

Exploits0References1

Prion•added 2022/03/03 12:15 a.m.•20 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter. This issue is caused by an incomplete fix in CVE-2021-35463...

4.3CVSS6AI score0.00295EPSS

Exploits0References2Affected Software1

CNVD•added 2022/03/03 12:0 a.m.•26 views

PluXml Cross-Site Scripting Vulnerability (CNVD-2022-73493)

PluXml is a content management system that does not require a database to work.A cross-site scripting vulnerability exists in PluXML version 5.8.7. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a payload in the thumbnail path of a blog post...

3.5CVSS3.4AI score0.00997EPSS

Exploits1Affected Software1

CVE•added 2022/03/02 11:6 p.m.•94 views

CVE-2021-38264

CVE-2021-38264 affects Liferay Portal’s Frontend Taglib module in versions 7.4.0 and 7.4.1 , enabling XSS via the management toolbar search keywords parameter . The issue stems from an incomplete fix in CVE-2021-35463. The Connected documents confirm the affected product/version and the underlyin...

6.1CVSS6AI score0.00295EPSS

Exploits0References2Affected Software1

CNVD•added 2022/03/01 12:0 a.m.•13 views

PaquitoSoftware Notimoo Cross-Site Scripting Vulnerability

Notimoo is a method for web developers to display notifications to users. PaquitoSoftware Notimoo suffers from a cross-site scripting vulnerability that can be exploited by attackers to execute arbitrary web script or HTML via a carefully crafted header or message in a notification...

6.1CVSS3.8AI score0.00305EPSS

Exploits1References1

NVD•added 2022/02/07 3:15 a.m.•11 views

CVE-2021-43929

Improper neutralization of special elements in output used by a downstream component 'Injection' vulnerability in work flow management in Synology DiskStation Manager DSM before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

6.5CVSS0.00207EPSS

Exploits0References1

Cvelist•added 2022/02/07 2:15 a.m.•15 views

CVE-2021-43929

6.5CVSS7.5AI score0.00207EPSS

Exploits0References1

OpenVAS•added 2022/01/28 12:0 a.m.•17 views

Mageia: Security Advisory (MGASA-2018-0040)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.6AI score0.00411EPSS

Exploits0References4

NVD•added 2022/01/13 6:15 p.m.•11 views

CVE-2021-40813

A cross-site scripting XSS vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames...

5.4CVSS0.00125EPSS

Exploits1References2

Prion•added 2022/01/13 6:15 p.m.•21 views

Cross site scripting

A cross-site scripting XSS vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames...

3.5CVSS5AI score0.00125EPSS

Exploits1References2Affected Software1

Cvelist•added 2022/01/13 5:38 p.m.•11 views

CVE-2021-40813

A cross-site scripting XSS vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames...

5.2AI score0.00125EPSS

Exploits1References2

Prion•added 2022/01/06 1:15 p.m.•14 views

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in emlog version = pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter...

4.3CVSS6AI score0.00248EPSS

Exploits1References2Affected Software1

Tenable Nessus•added 2021/12/13 12:0 a.m.•36 views

McAfee Policy Auditor Agent < 6.5.2 Multiple Vulnerabilities (SB10372)

The version of McAfee Policy Auditor Agent, installed on the remote host is prior to 6.5.2. It is, therefore, affected by the following vulnerabilities: - A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject...

6.1CVSS6.5AI score0.00912EPSS

Exploits0References3

NVD•added 2021/12/07 1:15 p.m.•6 views

CVE-2021-40093

A cross-site scripting XSS vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions...

5.4CVSS0.00202EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by