CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

57680 matches found

Jira < 8.1.1 - Cross-Site Scripting

Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter. id: CVE-2019-3402 info: name: Jira 8.1.1 - Cross-Site Scripting author: pdteam severity: medium description: | Jira before 8.1.1 contains a cross-site...

6.1CVSS6.2AI score0.03358EPSS

Exploits0References5

Nuclei•added 16 hours ago•20 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /admin/ssl-fields/add.php Display Name, Description & Notes field parameters. id: CVE-2018-19751 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains...

4.8CVSS6AI score0.00236EPSS

Exploits6References4

Nuclei•added 16 hours ago•58 views

Gogs <= 0.13.3 - Remote Code Execution

Gogs self-hosted Git service versions 0.13.3 and earlier contain a critical symlink bypass vulnerability that circumvents the fix for CVE-2024-55947. Authenticated users can exploit improper symbolic link handling in the PutContents API to overwrite files outside the repository by committing a...

8.8CVSS7.7AI score0.75675EPSS

Exploits17References4

Nuclei•added 16 hours ago•29 views

Microweber < 1.2.17 - Cross-Site Scripting

Cross-site Scripting XSS vulnerability in the /demo/editortools/module endpoint via the 'type' parameter. id: CVE-2022-2130 info: name: Microweber 1.2.17 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross-site Scripting XSS vulnerability in the...

6.5CVSS6.5AI score0.43672EPSS

Exploits1References2

Nuclei•added 16 hours ago•22 views

SolarView 6.00 - Remote Command Execution

SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. id: CVE-2022-40881 info: name: SolarView 6.00 - Remote Command Execution author: For3stCo1d severity: critical description: | SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. impact: |...

9.8CVSS7.3AI score0.93672EPSS

Exploits2References5

Nuclei•added 16 hours ago•20 views

CandidATS 3.0.0 - Cross-Site Scripting

CandidATS 3.0.0 contains a cross-site scripting vulnerability via the page parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.4AI score0.02714EPSS

Exploits1References5

Nuclei•added 16 hours ago•22 views

Fortra FileCatalyst Workflow <= v5.1.6 - SQL Injection

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...

9.8CVSS7.6AI score0.87417EPSS

Exploits5References4

Nuclei•added 16 hours ago•22 views

Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting

Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarfajax.php. id: CVE-2011-4336 info: name: Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting author: pikpikcu severity: medium description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site...

6.1CVSS6.2AI score0.00927EPSS

Exploits1References3

Nuclei•added 16 hours ago•61 views

WSO2 Carbon Management Console <=5.10 - Cross-Site Scripting

WSO2 Management Console through 5.10 is susceptible to reflected cross-site scripting which can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests. id: CVE-2020-17453 info: name: WSO2 Carbon Management...

6.1CVSS6.2AI score0.57847EPSS

Exploits2References5

Nuclei•added 16 hours ago•24 views

Xinuo Openserver 5/6 - Cross-Site scripting

Xinuo formerly SCO Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section' and is vulnerable to reflected cross-site scripting. id: CVE-2020-25495 info: name: Xinuo Openserver 5/6 - Cross-Site scripting author: 0xAkoko severity:...

6.1CVSS6.2AI score0.01051EPSS

Exploits3References5

Nuclei•added 16 hours ago•72 views

H3C SSL VPN <=2022-07-10 - Cross-Site Scripting

H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. id: CVE-2022-35416 info: name: H3C SSL VPN =2022-07-10 - Cross-Site Scripting author: 0x240x23elu severity: medium description: | H3C SSL VPN 2022-07-10 and prior contains...

6.1CVSS6.2AI score0.06631EPSS

Exploits1References5

Nuclei•added 16 hours ago•51 views

InstaWP Connect < 0.1.0.86 - Local PHP File Inclusion

The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files ...

8.1CVSS7.9AI score0.07369EPSS

Exploits0References3

Nuclei•added 16 hours ago•22 views

WordPress Japanized for WooCommerce <2.5.8 - Cross-Site Scripting

WordPress Japanized for WooCommerce plugin before 2.5.8 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This...

6.1CVSS6.9AI score0.21417EPSS

Exploits2References3

Nuclei•added 16 hours ago•23 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS5.9AI score0.02329EPSS

Exploits1References2

Nuclei•added 16 hours ago•19 views

Zend Server <9.13 - Cross-Site Scripting

Zend Server before version 9.13 is vulnerable to cross-site scripting via the debughost parameter. id: CVE-2018-10230 info: name: Zend Server 9.13 - Cross-Site Scripting author: marcosiaf severity: medium description: | Zend Server before version 9.13 is vulnerable to cross-site scripting via the...

6.1CVSS6.2AI score0.03364EPSS

Exploits0References4

Nuclei•added 16 hours ago•35 views

XWiki < 4.10.15 - Email Disclosure

The Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email using XWiki's regular search interface. id: CVE-2023-50720 info: name: XWiki 4.10.15 - Email Disclosure author:...

5.3CVSS6AI score0.49722EPSS

Exploits0References2

Nuclei•added 16 hours ago•50 views

HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass

HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining...

10CVSS7.5AI score0.89853EPSS

Exploits1References5

Nuclei•added 16 hours ago•25 views

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the joborderID parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...

6.1CVSS6.4AI score0.01677EPSS

Exploits2References5

Nuclei•added 16 hours ago•18 views

SmarterTools SmarterTrack - Cross-Site Scripting

Cross-site Scripting XSS vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. id: CVE-2022-24384 info: name: SmarterTools SmarterTrack - Cross-Site Scripting author: E1A severity: medium description: | Cross-site Scripting XSS vulnerability in...

8.8CVSS6.4AI score0.4803EPSS

Exploits0References2

Nuclei•added 16 hours ago•23 views

kkFileView 4.1.0 - Cross-Site Scripting

kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the errorMsg parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...

6.1CVSS6.4AI score0.02352EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by