CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

451 matches found

CNVD•added 2020/03/19 12:0 a.m.•3 views

pki-core cross-site scripting vulnerability

pki-core is a library that provides an API for PKI operations. A cross-site scripting vulnerability exists in the Token Processing Service TPS of pki-core. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker could exploit the...

6.1CVSS6.4AI score0.00961EPSS

Exploits0

CNVD•added 2020/03/19 12:0 a.m.•1 views

Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2020-21071)

Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fita Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...

5.4CVSS6.8AI score0.00803EPSS

Exploits0

CNVD•added 2020/03/17 12:0 a.m.•3 views

WordPress popup-builder cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Sygnoos Popup Builder is one of the popup plugins used in it. A cross-site scripting vulnerability exists in WordPress popup-builder...

6.1CVSS6.2AI score0.01421EPSS

Exploits1

CNVD•added 2020/03/17 12:0 a.m.•2 views

Wyse Management Suite Cross-Site Scripting Vulnerability

Wyse Management Suite WMS is a scalable solution for managing and optimizing Wyse endpoints from Dell, USA. The product includes centralized management of Wyse endpoints, asset tracking and automated device discovery. A cross-site scripting vulnerability exists in Wyse Management Suite versions...

6.4CVSS6.3AI score0.00672EPSS

Exploits0References1

CNVD•added 2020/03/13 12:0 a.m.•4 views

WordPress RegistrationMagic Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.RegistrationMagic is a user registration plugin used in it. A cross-site scripting vulnerability exists in WordPress RegistrationMagic...

6.1CVSS6.2AI score0.01353EPSS

Exploits2

CNVD•added 2020/03/13 12:0 a.m.•2 views

Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Scripting Vulnerability (CNVD-2020-17951)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site scripting vulnerability exists in the way URIs are handled in the admin/header.php file in Chadha Software Technologies...

4.8CVSS6.4AI score0.00733EPSS

Exploits1References1

CNVD•added 2020/03/13 12:0 a.m.•1 views

Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Scripting Vulnerability (CNVD-2020-17953)

4.8CVSS6.4AI score0.00733EPSS

Exploits1References1

CNVD•added 2020/03/13 12:0 a.m.•3 views

Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Scripting Vulnerability (CNVD-2020-17957)

4.8CVSS6.4AI score0.00611EPSS

Exploits1References1

CNVD•added 2020/03/09 12:0 a.m.•1 views

Apache OFBiz Cross-Site Scripting Vulnerability (CNVD-2020-16521)

Apache OFBiz is the United States Apache Apache Software Foundation of a set of enterprise resource planning ERP system. The system provides a set of Java-based Web application components and tools. A cross-site scripting vulnerability exists in Apache OFBiz. The vulnerability stems from the WEB...

6.1CVSS6.4AI score0.97253EPSS

Exploits0References1

CNVD•added 2020/03/04 12:0 a.m.•2 views

Mozilla Bleach Cross-Site Scripting Vulnerability

Mozilla Bleach is an HTML cleanup library from the Mozilla Foundation in the United States. A cross-site scripting vulnerability exists in Mozilla Bleach versions prior to 3.11. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can...

6.1CVSS8.9AI score0.01688EPSS

Exploits1References1

CNVD•added 2020/02/28 12:0 a.m.•1 views

Selesta Visual Access Manager Cross-Site Scripting Vulnerability (CNVD-2020-14669)

Selesta Visual Access Manager VAM is the Selesta Visual Access Manager. A cross-site scripting vulnerability exists in Selesta Visual Access Manager VAM versions 4.15.0 through 4.29. The vulnerability stems from a lack of proper validation of client data by the web application. An attacker can...

5.4CVSS6.4AI score0.00856EPSS

Exploits1References1

CNVD•added 2020/02/25 12:0 a.m.•2 views

DNN cross-site scripting vulnerability (CNVD-2020-13479)

DNN also known as DotNetNuke is a set of U.S. DNN by Microsoft support , based on the ASP.NET platform for open source content management system CMS. The system is easy to install , scalable , feature-rich and so on. DNN 9.4.4 and previous versions of cross-site scripting vulnerability. The...

5.4CVSS6.3AI score0.00881EPSS

Exploits2References1

CNVD•added 2020/02/23 12:0 a.m.•1 views

Western Digital My Cloud Cross-Site Scripting Vulnerability

Western Digital My Cloud is a personal cloud storage device from Western Digital. A cross-site scripting vulnerability exists in Western Digital mycloud.com Web version versions prior to 2.2.0-134. The vulnerability stems from the WEB application lacking proper validation of client data. An...

6.1CVSS6.3AI score0.00865EPSS

Exploits0References1

CNVD•added 2020/02/18 12:0 a.m.•4 views

Serendipity freetag cross-site scripting vulnerability

Serendipity is a PHP-based blogging system from the Serendipity team. The system supports the creation of online journals, blogs, web pages and more. A cross-site scripting vulnerability exists in Serendipity freetag plugin versions prior to 3.30. The vulnerability stems from a lack of proper...

6.1CVSS6.4AI score0.01222EPSS

Exploits1References1

CNVD•added 2020/02/17 12:0 a.m.•1 views

Nextcloud iOS Cross-Site Scripting Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud iOS. The vulnerability stems from a lack of proper validation of client-side data by the web...

5.4CVSS6.4AI score0.00783EPSS

Exploits0References1

CNVD•added 2020/02/17 12:0 a.m.•2 views

Pandora FMS Cross-Site Scripting Vulnerability (CNVD-2020-10481)

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A cross-site scripting vulnerability exists in Pandora FMS version 742. The vulnerability stems from a lack of proper...

5.4CVSS6.4AI score0.00804EPSS

Exploits1References1

CNVD•added 2020/02/17 12:0 a.m.•2 views

Bludit Cross-Site Scripting Vulnerability (CNVD-2020-13197)

Bludit is an open source, lightweight blog content management system CMS. A cross-site scripting vulnerability exists in Bludit version 3.10.0. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit the vulnerability to execute...

5.4CVSS6.4AI score0.00606EPSS

Exploits1References1

CNVD•added 2020/02/14 12:0 a.m.•1 views

Wowza Streaming Engine Code Execution Vulnerability

Wowza Streaming Engine is a streaming media server software from Wowza Media Systems. The program supports live streaming, VOD, online video chat, and remote recording. A security vulnerability exists in Wowza Streaming Engine. The vulnerability stems from the lack of proper validation of client...

7.8CVSS7.2AI score0.00451EPSS

Exploits1References1

CNVD•added 2020/02/12 12:0 a.m.•3 views

Apache NiFi Cross-Site Scripting Vulnerability (CNVD-2020-04926)

Apache NiFi is a data-flow based data processing and distribution system of the Apache Apache Software Foundation, USA. The system supports the configuration and transformation of data routing indicator maps and system intermediary logic. A cross-site scripting vulnerability exists in Apache NiFi...

6.1CVSS6.4AI score0.02813EPSS

Exploits0References1

CNVD•added 2020/02/12 12:0 a.m.•2 views

ASUS WRT-AC66U Cross-Site Scripting Vulnerability (CNVD-2020-04914)

The ASUS WRT-AC66U is a product of Asus Taiwan, China. A cross-site scripting vulnerability exists in the ASUS WRT-AC66U. The vulnerability stems from the lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side code...

6.1CVSS6.4AI score0.007EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by