CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3221 matches found

OSV•added 2019/09/03 8:15 p.m.•1 views

CVE-2019-5479

An unintended require vulnerability in v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code JavaScript file...

7.5CVSS7.3AI score

Exploits0References1

0day.today•added 2019/09/02 12:0 a.m.•31 views

Opencart 3.x - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Opencart 3.x.x Authenticated Stored XSS Exploit Author: Nipun Somani Author Web: http://thehackerstore.net Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart Version: 3.x.x Tested on:...

3.5CVSS5.2AI score0.00172EPSS

Exploits5

exploitpack•added 2019/09/02 12:0 a.m.•24 views

Opencart 3.x - Cross-Site Scripting

Opencart 3.x - Cross-Site Scripting Exploit Title: Opencart 3.x.x Authenticated Stored XSS Date: 08/15/2019 Exploit Author: Nipun Somani Author Web: http://thehackerstore.net Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart Version: 3.x.x Tested on:...

3.5CVSS0.00172EPSS

Exploits5

Exploit DB•added 2019/09/02 12:0 a.m.•369 views

Opencart 3.x - Cross-Site Scripting

Exploit Title: Opencart 3.x.x Authenticated Stored XSS Date: 08/15/2019 Exploit Author: Nipun Somani Author Web: http://thehackerstore.net Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart Version: 3.x.x Tested on: Debian 9, Windows 10 x64 CVE :...

4.8CVSS5.5AI score0.00172EPSS

Exploits5

Packet Storm•added 2019/09/02 12:0 a.m.•260 views

Opencart 3.x Cross Site Scripting

3.5CVSS5.2AI score0.00172EPSS

Exploits5

Veracode•added 2019/08/26 9:26 a.m.•14 views

Cross-site Scripting (XSS)

Bolt is vulnerable to cross-site scripting XSS. The vulnerability exists due to lack of proper handling of Create file for system log in file manager, allowing a remote attacker to inject arbitrary Javascript into a victim's browser through the affected parameters...

6.1CVSS3.7AI score0.00223EPSS

Exploits0References4Affected Software1

Node.js•added 2019/08/07 7:39 p.m.•18 views

Cross-Site Scripting

Overview All versions of http-file-server are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently availabl...

3.5CVSS4.1AI score0.0014EPSS

Exploits1Affected Software1

NVD•added 2019/07/30 9:15 p.m.•10 views

CVE-2019-5458

Cross-site scripting XSS vulnerability in http-file-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

5.4CVSS5.4AI score0.0014EPSS

Exploits1References1

NVD•added 2019/07/30 9:15 p.m.•8 views

CVE-2019-5457

Cross-site scripting XSS vulnerability in min-http-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

5.4CVSS5.4AI score0.0014EPSS

Exploits1References1

Prion•added 2019/07/30 9:15 p.m.•10 views

Cross site scripting

Cross-site scripting XSS vulnerability in min-http-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

3.5CVSS5.5AI score0.0014EPSS

Exploits1References1Affected Software1

Veracode•added 2019/07/23 8:58 a.m.•11 views

Cross-site Scripting (XSS)

PrimeFaces is vulnerable to cross-site scripting XSS. The vulnerability exists due to the lack of validation for the parameter inputTextarea.getMaxlength on the server side, allowing an attacker to inject arbitrary Javascript into a victim's browser through the affected parameter...

6.1AI score

Exploits0

Veracode•added 2019/07/22 2:28 a.m.•11 views

Cross-Site Scripting (XSS)

ovidentia/ovidentia is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser through multiple parameters within the application...

5.4CVSS5.4AI score0.00768EPSS

Exploits5References2Affected Software1

NVD•added 2019/07/17 8:15 p.m.•12 views

CVE-2019-13493

In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript...

5.4CVSS5.2AI score0.00188EPSS

Exploits5References1

Cvelist•added 2019/07/17 7:10 p.m.•14 views

CVE-2019-13493

5.2AI score0.00188EPSS

Exploits5References1

CNVD•added 2019/07/16 12:0 a.m.•1 views

IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2019-23521)

IBM InfoSphere Information Server is a set of data integration platforms from IBM in the United States. The platform can be used to integrate data information obtained from various sources. A cross-site scripting vulnerability exists in IBM InfoSphere Information Server, which can be exploited by...

6.2AI score

Exploits0References1

Veracode•added 2019/07/08 2:48 p.m.•21 views

Cross-site Scripting (XSS)

nifi-web-utils is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the request attribute value...

6.1CVSS5.9AI score0.0159EPSS

Exploits0References2Affected Software1

Veracode•added 2019/07/08 1:43 p.m.•36 views

Cross-Site Scripting (XSS)

apache tomcat is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the time parameter in sp/cal/cal2.jsp in the calendar application in the examples application...

4.3CVSS4.6AI score0.37304EPSS

Exploits1References46Affected Software2

Veracode•added 2019/07/08 12:28 p.m.•15 views

Cross-Site Scripting (XSS)

The mndpsingh287 file manager plugin is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the publicpath parameter in the wpfilemanagerroot page...

6.1CVSS6AI score0.00341EPSS

Exploits2References3Affected Software1

Veracode•added 2019/07/08 11:48 a.m.•13 views

Cross-Site Scripting (XSS)

uima-ducc-web is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via multiple parameters due to the lack of output encoding...

6.1CVSS6AI score0.03617EPSS

Exploits0References4Affected Software1

Veracode•added 2019/07/08 11:22 a.m.•25 views

Cross-Site Scripting (XSS)

geronimo is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the name, ip, username or description parameters in console/portal/Server/Monitoring, and PATHINFO parameter to the default URI under console/portal/...

4.3CVSS5.7AI score0.23675EPSS

Exploits2References8Affected Software2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by