359 matches found

NVD
added 2024/05/14 4:17 p.m. · 6 views

CVE-2024-34687

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, includin...

9 CVSS · 6.4 AI score · 0.0013 EPSS
Exploits 0 · References 2

CNNVD
added 2024/05/14 12:0 a.m. · 1 views

SAP S/4 HANA Cross-Site Scripting Vulnerability

SAP S/4 HANA is an intelligent, integrated ERP software for large enterprises from SAP, Germany. A cross-site scripting vulnerability exists in SAP S/4 HANA that stems from failure to adequately encode user-controlled inputs, resulting in a cross-site scripting XSS vulnerability...

6.1 CVSS · 5.8 AI score · 0.00182 EPSS
Exploits 0 · References 4

CNNVD
added 2024/05/14 12:0 a.m. · 1 views

SAP NetWeaver Application Server Cross-Site Scripting Vulnerability

SAP NetWeaver Application Server is an application server from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server ABAP Platform, which stems from a cross-site scripting XSS vulnerability due to failure to adequately encode user-controlled input...

9 CVSS · 5.5 AI score · 0.0013 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/05/14 12:0 a.m. · 1 views

PT-2024-26107 · Sap · Sap Netweaver Application Server For Abap/Abap Platform

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server for ABAP and ABAP Platform affected versions not specified Description: The issue arises from insufficient encoding of user-controlled inputs, leading to a Cross-Site Scripting XSS issue. An attacker can execu...

6.5 CVSS · 6.4 AI score · 0.0013 EPSS
Exploits 0 · References 3

NVD
added 2024/04/30 10:15 a.m. · 6 views

CVE-2024-4337

Adive Framework 2.0.8, does not sufficiently encode user-controlled inputs, resulting in a persistent Cross-Site Scripting XSS vulnerability via the /adive/admin/nav/add, in multiple parameters. This vulnerability allows an attacker to retrieve the session details of an authenticated user...

7.6 CVSS · 6.7 AI score · 0.00168 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/04/30 12:0 a.m. · 4 views

PT-2024-30528 · Unknown · Adive Framework

Name of the Vulnerable Software and Affected Versions: Adive Framework version 2.0.8 Description: The issue is related to insufficient encoding of user-controlled inputs, resulting in a persistent Cross-Site Scripting XSS vulnerability. This vulnerability can be exploited via the...

7.6 CVSS · 5.1 AI score · 0.00168 EPSS
Exploits 0 · References 7

CNNVD
added 2024/04/30 12:0 a.m. · 2 views

Adive Framework Cross-Site Scripting Vulnerability

Adive Framework is a PHP-based MySQL database management framework. A cross-site scripting vulnerability exists in Adive Framework version 2.0.8, which stems from a failure to adequately encode user-controlled input, leading to a cross-site scripting XSS vulnerability that allows an attacker to...

7.6 CVSS · 5.6 AI score · 0.00168 EPSS
Exploits 0 · References 2

OSV
added 2024/03/18 2:15 p.m. · 0 views

CVE-2024-2597

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/modules/book/main/bookdetailschoolperson.php, in the 'bid' parameter. This vulnerability could allow a remote attacker to send a...

6.1 CVSS · 5.8 AI score · 0.00035 EPSS
Exploits 0 · References 1

OSV
added 2024/03/18 2:15 p.m. · 2 views

CVE-2024-2596

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/modules/mail/main/selectsend.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially...

6.1 CVSS · 5.8 AI score · 0.00035 EPSS
Exploits 0 · References 1

OSV
added 2024/03/18 2:15 p.m. · 1 views

CVE-2024-2594

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/admin/index.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an...

6.1 CVSS · 5.8 AI score
Exploits 0 · References 1

OSV
added 2024/03/18 2:15 p.m. · 1 views

CVE-2024-2595

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/modules/book/main/bookdetailkhetperson.php, in the 'bid' parameter. This vulnerability could allow a remote attacker to send a...

6.1 CVSS · 5.8 AI score
Exploits 0 · References 1

Vulnrichment
added 2024/03/18 2:1 p.m. · 13 views

CVE-2024-2596 Cross-Site Scripting (XSS) in AMSS++

Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /amssplus/modules/mail/main/selectsend.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially...

7.1 CVSS · 5.9 AI score · 0.00035 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/03/18 12:0 a.m. · 1 views

PT-2024-21243 · Amss++ · Amss++

Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue is related to insufficient encoding of user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through the "/amssplus/modules/mail/main/select send.php" endpoint, in multiple...

7.1 CVSS · 5.7 AI score · 0.00035 EPSS
Exploits 0 · References 6

Positive Technologies
added 2024/03/18 12:0 a.m. · 2 views

PT-2024-21233 · Amss++ · Amss++

Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue is related to insufficient encoding of user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability. This vulnerability can be exploited through the /amssplus/admin/index.php endpoint...

7.1 CVSS · 6.2 AI score · 0.00035 EPSS
Exploits 0 · References 5

0day.today
added 2024/03/18 12:0 a.m. · 260 views

WEBIGniter v28.7.23 - Stored XSS Vulnerability

Title: WEBIGniter v28.7.23 XSS Author: RedTeamer IT Security, Mesut Cetin Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/cross-site-scripting/stored Description: During the user creation process, the 'yourname' parameter fails...

7.4 AI score
Exploits 0

Positive Technologies
added 2024/03/18 12:0 a.m. · 2 views

PT-2024-21245 · Amss++ · Amss++

Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue is related to insufficient encoding of user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability. This vulnerability can be exploited through the...

7.1 CVSS · 5.8 AI score · 0.00035 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/03/18 12:0 a.m. · 1 views

PT-2024-21239 · Amss++ · Amss++

Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue is related to insufficient encoding of user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through the "/amssplus/modules/book/main/bookdetail khet person.php" API endpoint,...

7.1 CVSS · 5.8 AI score · 0.00035 EPSS
Exploits 0 · References 6

Prion
added 2024/03/12 1:15 a.m. · 36 views

Cross site scripting

Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to...

4.9 CVSS · 5.4 AI score · 0.00781 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/03/11 12:0 a.m. · 4 views

PT-2024-22122 · Sap · Sap Netweaver As Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP versions 7.89, 7.93 Description: The issue is related to Cross-Site Scripting XSS due to insufficient encoding of user-controlled inputs in applications based on SAP GUI for HTML. This allows a malicious attacker to...

6.1 CVSS · 6.2 AI score · 0.00781 EPSS
Exploits 0 · References 5

OSV
added 2024/02/13 3:15 a.m. · 1 views

CVE-2024-24742

SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An attacker wi...

4.1 CVSS · 5.8 AI score
Exploits 0 · References 2