CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6892 matches found

OSV•added 2021/06/28 8:15 p.m.•17 views

CVE-2021-35298

Cross Site Scripting XSS in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information...

6.1CVSS6.3AI score

Exploits0References1

Prion•added 2021/06/28 8:15 p.m.•11 views

Cross site scripting

Cross Site Scripting XSS in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute...

4.3CVSS6.2AI score0.00284EPSS

Exploits0References1Affected Software1

UbuntuCve•added 2021/06/16 9:15 p.m.•29 views

CVE-2021-32244

Cross Site Scripting XSS in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field...

5.4CVSS6.8AI score0.00126EPSS

Exploits1References2

Prion•added 2021/06/16 9:15 p.m.•10 views

Cross site scripting

Cross Site Scripting XSS in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field...

3.5CVSS5.5AI score0.00126EPSS

Exploits1References1Affected Software1

Cvelist•added 2021/06/16 8:37 p.m.•20 views

CVE-2021-32244

Cross Site Scripting XSS in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field...

6AI score0.00126EPSS

Exploits1References1

Prion•added 2021/06/15 8:15 p.m.•21 views

Cross site scripting

A Cross-site scripting XSS vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel...

4.3CVSS6.2AI score0.00857EPSS

Exploits0References3Affected Software1

Cvelist•added 2021/06/15 5:15 p.m.•11 views

CVE-2020-21316

6.2AI score0.00857EPSS

Exploits0References3

Github Security Blog•added 2021/06/08 11:10 p.m.•52 views

Cross-site scripting in Shopizer

A stored cross-site scripting XSS vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customername in various forms of store administration. It is saved in the database. The code is executed for any user of store administration when informati...

4.8CVSS5.1AI score0.00715EPSS

Exploits2References5Affected Software1

Github Security Blog•added 2021/06/08 11:8 p.m.•51 views

Cross-site scripting in Shopizer

A reflected cross-site scripting XSS vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL...

4.8CVSS4.1AI score0.00316EPSS

Exploits2References5Affected Software1

Cvelist•added 2021/06/02 4:31 p.m.•18 views

CVE-2011-3656

Cross-site scripting XSS vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing...

6AI score0.00371EPSS

Exploits0References1

Prion•added 2021/05/24 11:15 p.m.•16 views

Cross site scripting

3.5CVSS5AI score0.00715EPSS

Exploits2References3Affected Software1

Cvelist•added 2021/05/24 10:33 p.m.•15 views

CVE-2021-33561

5.2AI score0.00715EPSS

Exploits2References3

NVD•added 2021/05/24 6:15 p.m.•7 views

CVE-2021-30082

An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via admin/dashboard...

6.1CVSS0.00182EPSS

Exploits1References1

Cvelist•added 2021/05/20 3:31 p.m.•11 views

CVE-2020-21054

Cross Site Scripting XSS vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\varstextarea.php...

6AI score0.00328EPSS

Exploits0References2

OSV•added 2021/05/17 12:15 p.m.•15 views

CVE-2021-29048

Cross-site scripting XSS vulnerability in the Layout module's page administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 before fix pack 11 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the...

6.1CVSS5.9AI score

Exploits0References2

Prion•added 2021/05/17 12:15 p.m.•20 views

Cross site scripting

4.3CVSS6AI score0.00474EPSS

Exploits0References2Affected Software2

Prion•added 2021/05/17 12:15 p.m.•20 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the...

4.3CVSS6AI score0.00317EPSS

Exploits0References2Affected Software2

OSV•added 2021/05/17 11:15 a.m.•15 views

CVE-2021-29044

Cross-site scripting XSS vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary w...

6.1CVSS5.9AI score

Exploits0References2

Prion•added 2021/05/17 11:15 a.m.•13 views

Cross site scripting

4.3CVSS6AI score0.00474EPSS

Exploits0References2Affected Software2

Cvelist•added 2021/05/17 11:8 a.m.•18 views

CVE-2021-29048

6.2AI score0.00474EPSS

Exploits0References2

Rows per page