CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3237 matches found

Cvelist•added 2020/07/23 7:42 p.m.•11 views

CVE-2019-18834

Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCSAdminPostTypes in class-wcs-admin-post-types.php...

6.4AI score0.00461EPSS

Exploits1References3

NVD•added 2020/07/21 6:15 p.m.•11 views

CVE-2020-14063

A stored Cross-Site Scripting XSS vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end page and executed in the...

6.1CVSS6AI score0.00604EPSS

Exploits1References2

Prion•added 2020/07/21 6:15 p.m.•11 views

Cross site scripting

4.3CVSS6AI score0.00604EPSS

Exploits1References2Affected Software1

Cvelist•added 2020/07/21 5:12 p.m.•12 views

CVE-2020-14063

6AI score0.00604EPSS

Exploits1References2

Prion•added 2020/07/20 4:15 p.m.•8 views

Cross site scripting

docsify prior to 4.11.4 is susceptible to Cross-site Scripting XSS. Docsify.js uses fragment identifiers parameters after sign to load resources from server-side .md files. Due to lack of validation here, it is possible to provide external URLs after the // domain.com///attacker.com and render...

4.3CVSS6AI score0.03162EPSS

Exploits5References6Affected Software1

Veracode•added 2020/07/16 4:6 a.m.•14 views

Cross-Site Scripting (XSS)

francoisjacquet/rosariosis is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the includeinactive parameter in PrintSchedules.php...

6.1CVSS4.3AI score0.10197EPSS

Exploits2References5Affected Software1

Veracode•added 2020/07/08 4:10 a.m.•17 views

Cross-Site Scripting (XSS)

teaminmedias-pluswerk/kesearch aka Faceted Search extension of Typo3 is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via parameters such as content,abstract,message,tag, title in the backend module controller...

5.4CVSS4.7AI score0.00206EPSS

Exploits0References3Affected Software1

CNVD•added 2020/07/08 12:0 a.m.•1 views

NeDi Consulting NeDi Cross-Site Scripting Vulnerability (CNVD-2020-44580)

NeDi Consulting NeDi is a suite of open source software that supports the discovery and mapping of network devices from the Swiss company NeDi Consulting. A cross-site scripting vulnerability exists in NeDi Consulting NeDi version 1.9C. The vulnerability can be exploited to execute arbitrary...

5.4CVSS6.6AI score0.00343EPSS

Exploits0References1

CNVD•added 2020/07/08 12:0 a.m.•1 views

NeDi Consulting NeDi Cross-Site Scripting Vulnerability (CNVD-2020-44573)

5.4CVSS6.7AI score0.00206EPSS

Exploits1References1

CNVD•added 2020/07/08 12:0 a.m.•1 views

NeDi Consulting NeDi Cross-Site Scripting Vulnerability (CNVD-2020-44577)

5.4CVSS6.7AI score0.00343EPSS

Exploits0References1

OSV•added 2020/07/07 4:15 p.m.•0 views

CVE-2020-15032

NeDi 1.9C is vulnerable to cross-site scripting XSS attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter...

5.4CVSS6.2AI score

Exploits0References2

NVD•added 2020/07/07 4:15 p.m.•9 views

CVE-2020-15033

NeDi 1.9C is vulnerable to cross-site scripting XSS attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter...

5.4CVSS0.00343EPSS

Exploits0References2

NVD•added 2020/07/07 4:15 p.m.•9 views

CVE-2020-15030

NeDi 1.9C is vulnerable to cross-site scripting XSS attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter...

5.4CVSS0.00343EPSS

Exploits0References2

Prion•added 2020/07/07 3:15 p.m.•13 views

Cross site scripting

NeDi 1.9C is vulnerable to cross-site scripting XSS attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter...

3.5CVSS5.4AI score0.00206EPSS

Exploits1References2Affected Software1

Veracode•added 2020/07/07 3:34 a.m.•29 views

Cross-Site Scripting (XSS)

jspdf is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary Javascript in a user's browser by bypassing the filtering regex using...

6.3CVSS3.3AI score0.00228EPSS

Exploits1References1Affected Software1

Veracode•added 2020/07/03 3:50 a.m.•15 views

Cross-Site Scripting (XSS)

jspdf is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the HTML method...

6.1CVSS2.5AI score0.00234EPSS

Exploits1References3Affected Software1

Positive Technologies•added 2020/07/03 12:0 a.m.•2 views

PT-2020-10296 · Froala · Froala Editor

Name of the Vulnerable Software and Affected Versions: Froala Editor versions prior to 3.2.3 Description: A DOM-based cross-site scripting XSS issue exists because HTML code in the editor is not correctly sanitized when inserted into the DOM. This allows an attacker that can control the editor...

6.1CVSS5.9AI score0.02161EPSS

Exploits3References16

CNVD•added 2020/07/02 12:0 a.m.•2 views

F5 BIG-IP Cross-Site Scripting Vulnerability (CNVD-2020-61639)

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in the configuration tool in F5 BIG-IP. An attacker could exploit this vulnerabili...

6.1CVSS6.5AI score0.09081EPSS

Exploits1References1

CNVD•added 2020/06/30 12:0 a.m.•4 views

MK-AUTH cross-site scripting vulnerability (CNVD-2021-17430)

MK-AUTH is an access control system from the Brazilian software developer Pedro Filho. A cross-site scripting vulnerability exists in the admin and client scripts in MK-AUTH version 19.01, which can be exploited by an attacker to execute arbitrary JavaScript code...

6.1CVSS6.6AI score0.00421EPSS

Exploits0References1

Cvelist•added 2020/06/26 1:9 p.m.•12 views

CVE-2020-15016

NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-Converter.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the txt GET parameter...

6AI score0.0024EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by