335 matches found

CNNVD
added 2022/09/15 12:0 a.m. · 2 views

EC-CUBE cross-site scripting vulnerability

EC-CUBE is an open source e-commerce system from the Japanese company EC-CUBE. A security vulnerability exists in EC-CUBE versions 4.0.0 through 4.1.2, which stems from a DOM-based cross-site scripting vulnerability that could allow a remote attacker to execute arbitrary script on the...

CVSS 5.4 · AI score 5.4 · EPSS 0.00217
Exploits: 0 · References: 4

ATTACKERKB
added 2022/08/09 12:15 p.m. · 0 views

CVE-2022-2729

Cross-site Scripting XSS - DOM in GitHub repository openemr/openemr prior to 7.0.0.1...

CVSS 5.4 · AI score 6.1 · EPSS 0.03478
Exploits: 1 · References: 3

Positive Technologies
added 2022/08/09 12:0 a.m. · 2 views

PT-2022-4147 · Siemens · Scalance W-700 +9

Name of the Vulnerable Software and Affected Versions: SCALANCE M-800 / S615 versions prior to V2.3.1; SCALANCE SC-600 family versions prior to V2.3.1; SCALANCE W-1700 IEEE 802.11ac family versions prior to V2.3.1; SCALANCE W-700 IEEE 802.11ax family versions prior to V2.3.1; SCALANCE W-700 IEEE...

CVSS 9 · AI score 5.4 · EPSS 0.00434
Exploits: 0 · References: 4

OSV
added 2021/08/03 4:15 p.m. · 0 views

CVE-2021-21576

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link...

CVSS 6.1 · AI score 6.3
Exploits: 0 · References: 1

OSV
added 2021/08/03 4:15 p.m. · 0 views

CVE-2021-21577

Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link...

CVSS 6.1 · AI score 6.3
Exploits: 0 · References: 1

CNNVD
added 2021/05/19 12:0 a.m. · 2 views

BMC Remedy Mid Tier 9.1SP3 cross-site scripting vulnerability

BMC Software BMC Remedy 9.1SP3 is an application from BMC Software, Inc. It provides off-the-shelf IT Information Library ITIL service support functionality. A cross-site scripting vulnerability exists in BMC Remedy Mid Tier 9.1SP3, which stems from a DOM-based cross-site scripting vulnerability...

CVSS 6.1 · AI score 5.9 · EPSS 0.00465
Exploits: 0 · References: 4

Positive Technologies
added 2021/05/11 12:0 a.m. · 2 views

PT-2021-3404 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.2 and earlier; Magento versions 2.4.1-p1 and earlier; Magento versions 2.3.6-p1 and earlier. Description: The issue is related to a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitati...

CVSS 6.9 · AI score 5.2 · EPSS 0.23863
Exploits: 0 · References: 10

RedHat Linux
added 2021/03/23 4:57 p.m. · 2 views

pki-core: XSS in the certificate search results

A flaw was found in pki-core. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting XSS attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity...

CVSS 6.1 · AI score 6.3 · EPSS 0.00364
Exploits: 1 · References: 4

Gitee
added 2021/01/24 7:1 p.m. · 1 views

XSS_Bypass_Payload

It is an offensive tool for XSS. The repository contains a collection of XSS bypass payloads, which are used to exploit vulnerabilities in web applications to inject malicious code. The payloads are designed to bypass various security measures, such as Content Security Policy CSP and XSS filters...

AI score 7.6
Exploits: 0

OSV
added 2020/09/03 3:50 p.m. · 0 views

GHSA-F8RQ-M28H-8HXJ Cross-Site Scripting in htmr

Versions of htmr prior to 0.8.7 are vulnerable to Cross-Site Scripting XSS. The package uses innerHTML to unescape HTML entities. This may lead to DOM-based XSS through HTML-encoded XSS payloads. This may allow an attacker to execute arbitrary JavaScript in a victim's browser. Recommendation...

AI score 6.1
Exploits: 0 · References: 2

OSV
added 2019/09/11 11:2 p.m. · 0 views

GHSA-536Q-8GXX-M782 Cross-Site Scripting in dojo

Versions of dojo prior to 1.4.2 are vulnerable to DOM-based Cross-Site Scripting XSS. The package does not sanitize URL parameters in the testCommon.js and runner.html test files, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation: Upgrade to version 1.4.2 o...

CVSS 4.3 · AI score 7.4 · EPSS 0.43247
Exploits: 1 · References: 19

Japan Vulnerability Notes
added 2019/07/05 6:28 a.m. · 1 views

Multiple vulnerabilities in Access analysis CGI An-Analyzer

Overview: Access analysis CGI An-Analyzer provided by ANGLERSNET Co,.Ltd. contains multiple vulnerabilities listed below. OS command injection in the Management Page (CWE-78) - CVE-2019-5987; Stored cross-site scripting in the Management Page (CWE-79) - CVE-2019-5988; DOM-based cross-site scripting in t...

CVSS 9 · AI score 7 · EPSS 0.01859
Exploits: 3 · References: 13

CNVD
added 2018/05/18 12:0 a.m. · 0 views

DOM-type cross-site scripting vulnerabilities in the front-end of Xingyunhai CMS (XYHcms)

Xing Yunhai CMS (XYHcms) is a completely open source content management system. The XYHcms front end contains DOM-type cross-site scripting vulnerabilities. Attackers can use the vulnerability to insert JS code in the packet to obtain user cookies and other information...

AI score 6.5
Exploits: 0

OSV
added 2017/08/29 8:29 p.m. · 1 views

CVE-2017-3152

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 2

OSV
added 2017/01/24 7:59 a.m. · 0 views

CVE-2017-2929

Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution...

CVSS 6.1 · AI score 5.8 · EPSS 0.06126
Exploits: 0 · References: 3