CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Exploit DB•added 2019/02/18 12:0 a.m.•37 views

Apache CouchDB 2.3.0 - Cross-Site Scripting

Exploit Title: Apache CouchDB 2.3.0 | Cross-Site Scripting Date: 17.02.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.0 Introduction A CouchDB server hosts named databases, which store documents. Each...

7.4AI score

Exploit DB•added 2019/02/18 12:0 a.m.•70 views

ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting

Exploit Title: ArangoDB Community Edition 3.4.2-1 | Cross-Site Scripting Date: 17.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.arangodb.com Software Link: https://www.arangodb.com/download-major/ Version: 3.4.2-1 Introduction ArangoDB is a native multi-model, open-source databa...

7.4AI score

exploitpack•added 2019/02/13 12:0 a.m.•13 views

Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting

Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting Exploit Title : Rukovoditel Project Management CRM 2.4.1 - XSS Vulnerability DOM BASED Author Discovered By : Mehmet EMIROGLU Date : 29/01/2019 Vendor Homepage : https://www.rukovoditel.net/ Software Link :...

0.1AI score

Hacker One•added 2019/01/29 1:56 p.m.•15 views

Rockstar Games: Dom based xss on /reddeadredemption2/br/videos

In this report, the researcher identified a DOM-based XSS vulnerability affecting localized versions of the Red Dead Redemption 2 video viewer on our website, e.g. www.rockstargames.com/reddeadredemption2/br/videos. This affected all major modern browsers, and could have been used for cookie or...

3.4AI score

Veracode•added 2019/01/15 9:11 a.m.•25 views

Cross-site Scripting (XSS)

python-django-horizon is vulnerable to cross-site scripting XSS. A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a...

5.4CVSS4.9AI score0.02075EPSS

Exploits0References15Affected Software1

Hacker One•added 2019/01/15 12:53 a.m.•13 views

Rockstar Games: DOM BASED XSS ON https://www.rockstargames.com/GTAOnline/features

In this report, the researcher identified a DOM-based Cross-Site Scripting vulnerability under the GTAOnline section of the main site. This could have left to theft of cookies if left unresolved. Interestingly, a core factor in this vulnerability was a regression of a previously identified and...

0.7AI score

Tenable Nessus•added 2018/11/19 12:0 a.m.•31 views

VMware vRealize Automation 7.0.x / 7.1.x / 7.2.x / 7.3.x < 7.3.1 DOM-based XSS Vulnerability (VMSA-2018-0009)

The version of VMware vRealize Automation installed on the remote host is 7.0.x, 7.1.x, 7.2.x, or 7.3.x 7.3.1. It is, therefore, affected by vulnerability that may allow for a DOM-based cross-site scripting XSS attack. Exploitation of this issue may lead to the compromise of the vRA user's...

6.1CVSS6.9AI score0.01084EPSS

Exploits0References2

NVD•added 2018/11/14 3:29 p.m.•13 views

CVE-2018-6076

Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page...

6.1CVSS6.3AI score0.01159EPSS

Exploits0References5

UbuntuCve•added 2018/11/14 3:29 p.m.•21 views

CVE-2018-6076

Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page...

6.1CVSS6.9AI score0.01159EPSS

Exploits0References2

Prion•added 2018/11/14 3:29 p.m.•14 views

Design/Logic Flaw

Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page...

4.3CVSS6.1AI score0.01159EPSS

Exploits0References5Affected Software5

Cvelist•added 2018/11/14 3:0 p.m.•21 views

CVE-2018-6076

Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page...

6.2AI score0.01159EPSS

Exploits0References5

CVE•added 2018/11/14 3:0 p.m.•135 views

CVE-2018-6076

CVE-2018-6076 affects Google Chrome (Blink) where URL fragment identifiers were not encoded correctly, enabling a remote attacker to trigger a DOM-based XSS via a crafted HTML page. Concrete details in connected records place the vulnerable component in Blink/Chrome prior to version 65.0.3325.146...

6.1CVSS6AI score0.01159EPSS

Exploits0References5Affected Software1

Tenable Nessus•added 2018/11/05 12:0 a.m.•28 views

WordPress 4.7.x < 4.7.5 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A DOM-based cross-site scripting XSS vulnerability exists in the uploadSizeError function within file wp-includes/js/plupload/handlers.js when handling overly large file...

Tenable Nessus•added 2018/11/05 12:0 a.m.•38 views

WordPress 4.4.x < 4.4.10 Multiple Vulnerabilities

Tenable Nessus•added 2018/11/05 12:0 a.m.•37 views

WordPress 3.7.x < 3.7.21 Multiple Vulnerabilities

Tenable Nessus•added 2018/11/05 12:0 a.m.•38 views

WordPress 4.5.x < 4.5.9 Multiple Vulnerabilities

Tenable Nessus•added 2018/11/05 12:0 a.m.•31 views

WordPress 4.1.x < 4.1.18 Multiple Vulnerabilities