3221 matches found

Veracode
added 2018/08/30 8:37 a.m. | 7 views

Cross-site Scripting (XSS)

EWSoftware.SHFB is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize parameters passed through the URL, allowing a malicious user to inject and execute arbitrary JavaScript...

AI score 6.1
Exploits 0

CNVD
added 2018/08/28 12:0 a.m. | 1 views

Pimcore Cross-Site Scripting Vulnerability

Pimcore is an open source web content management platform for creating and managing web applications, from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. A cross-site scripting vulnerability exists in...

CVSS 5.4 | AI score 5.6 | EPSS 0.00006
Exploits 5 | References 1

Veracode
added 2018/08/21 1:57 a.m. | 9 views

Cross-Site Scripting (XSS)

marked is vulnerable to cross-site scripting (XSS). The HTML output of the demo page is not sanitized and allows remote attackers to inject arbitrary JavaScript code into a victim's browser...

AI score 6.3
Exploits 0

OSV
added 2018/08/16 1:29 p.m. | 0 views

CVE-2018-1715

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

CVSS 5.4 | AI score 5.4
Exploits 0 | References 2

Veracode
added 2018/08/08 12:45 p.m. | 7 views

Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the filename when a file is uploaded, allowing a malicious user to inject and execute arbitrary JavaScript...

AI score 6.1
Exploits 0

Prion
added 2018/08/07 1:29 p.m. | 16 views

Cross site scripting

IBM Rhapsody Model Manager 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145510...

CVSS 3.5 | AI score 5.1 | EPSS 0.00182
Exploits 0 | References 2 | Affected Software 1

0day.today
added 2018/08/06 12:0 a.m. | 57 views

LAMS < 3.1 - Cross-Site Scripting Vulnerability

Exploit for java platform in category web applications Exploit Title: LAMS 3.1 - Cross-Site Scripting Exploit Author: Nikola Kojic Website: https://ras-it.rs/ Vendor Homepage: https://www.lamsfoundation.org/ Software Link: https://www.lamsfoundation.org/downloadshome.htm Category: Web Application...

CVSS 4.3 | AI score 6.4 | EPSS 0.0068
Exploits 3

Veracode
added 2018/07/24 2:28 a.m. | 17 views

Cross-site Scripting (XSS)

tomee-webapp is vulnerable to cross-site scripting (XSS) attacks. The library does not properly handle URLs, allowing a malicious user to inject and execute arbitrary JavaScript through it...

CVSS 6.1 | AI score 6 | EPSS 0.02255
Exploits 0 | References 3 | Affected Software 1

OSV
added 2018/07/19 2:29 p.m. | 0 views

CVE-2018-1529

IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...

CVSS 5.4 | AI score 5.4
Exploits 0 | References 3

Prion
added 2018/07/10 4:29 p.m. | 14 views

Cross site scripting

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS 3.5 | AI score 5.1 | EPSS 0.00182
Exploits 0 | References 2 | Affected Software 1

NVD
added 2018/07/10 4:29 p.m. | 8 views

CVE-2017-1791

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS 5.4 | AI score 5.2 | EPSS 0.00182
Exploits 0 | References 2

OSV
added 2018/07/10 4:29 p.m. | 0 views

CVE-2018-1396

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS 5.4 | AI score 5.4
Exploits 0 | References 2

Veracode
added 2018/07/05 5:21 a.m. | 13 views

Cross-site Scripting (XSS)

buttle is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize filenames, allowing a malicious user to inject and execute arbitrary JavaScript using an iframe tag as a filename...

CVSS 6.1 | AI score 6 | EPSS 0.00266
Exploits 0 | References 2 | Affected Software 1

Prion
added 2018/07/03 7:29 p.m. | 14 views

Cross site scripting

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

CVSS 3.5 | AI score 5.1 | EPSS 0.00175
Exploits 0 | References 2 | Affected Software 2

Palo Alto Networks
added 2018/06/29 12:0 a.m. | 6 views

Cross-Site Scripting (XSS) in PAN-OS Management Web Interface

A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS session browser (Ref. PAN-93244; CVE-2018-9335). Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML. An attacker would need to successfully authenticate prior to exploiting this issue. This...

CVSS 5.4 | AI score 5.8 | EPSS 0.00355
Exploits 0 | References 1

CNVD
added 2018/06/28 12:0 a.m. | 2 views

Galaxy server cross-site scripting vulnerability

Galaxy is a web-based open source system for accessing, reproducing, and analyzing biomedicine. galaxy server is one of the servers. A cross-site scripting vulnerability exists in multiple templates of the Galaxy server in Galaxy version 14.10, which stems from the program failing to properly...

CVSS 6.1 | AI score 6.2 | EPSS 0.00497
Exploits 0 | References 1

OSV
added 2018/06/26 4:29 p.m. | 1 views

DEBIAN-CVE-2018-1000557

OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary javascript code within a victims' browser. This attack appear to be exploitable via Victim mus...

CVSS 6.1 | AI score 6.4 | EPSS 0.00301
Exploits 1 | References 1

Prion
added 2018/06/26 4:29 p.m. | 12 views

Cross site scripting

The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sanitize user's input, which would allow for cross-site scripting (XSS) attacks. In this form of attack,...

CVSS 4.3 | AI score 6.3 | EPSS 0.00497
Exploits 0 | References 1 | Affected Software 1

IBM Security Bulletins
added 2018/06/17 3:46 p.m. | 18 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server affect IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manger FastBack for Workstations) Central Administration Console (CVE-2017-1380, CVE-2017-1381)

Summary: Vulnerabilities in IBM WebSphere Application Server affect IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manager FastBack for Workstations) Central Administration Console can allow users to embed arbitrary JavaScript code in the Web UI or allow a local attacker to obtain...

CVSS 5.4 | AI score 0.9 | EPSS 0.00403
Exploits 0 | Affected Software 2

IBM Security Bulletins
added 2018/06/17 5:22 a.m. | 46 views

Security Bulletin: Cross-site Scripting vulnerabilities affect IBM Rational products based on IBM Jazz technology

Summary: Potential Cross-site scripting vulnerabilities affect the following IBM Rational Products: Rational Engineering Lifecycle Manager (RELM), Rational Rhapsody Design Manager (Rhapsody DM). Vulnerability Details: CVEID: CVE-2016-8975 DESCRIPTION: IBM Rhapsody DM and IBM Rational Engineering Lifecyc...

CVSS 5.4 | AI score 0.7 | EPSS 0.00269
Exploits 0 | Affected Software 2