359 matches found

ATTACKERKB
added 2024/02/13 2:15 a.m. · 0 views

CVE-2024-22128

SAP NWBC for HTML - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious JavaScript to...

CVSS 6.1 · AI score 5.4 · EPSS 0.01258
Exploits 0 · References 3
OSV
added 2024/02/13 2:15 a.m. · 0 views

CVE-2024-22128

SAP NWBC for HTML - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious JavaScript to...

CVSS 6.1 · AI score 5.8 · EPSS 0.01258
Exploits 0 · References 2
Prion
added 2024/02/13 2:15 a.m. · 13 views

Cross site scripting

SAP NWBC for HTML - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious...

CVSS 4 · AI score 6.2 · EPSS 0.01258
Exploits 0 · References 2
Positive Technologies
added 2024/02/12 12:00 a.m. · 2 views

PT-2024-3898 · Sap · Sap Crm Webclient Ui

Name of the Vulnerable Software and Affected Versions: SAP CRM WebClient UI versions S4FND 102 through S4FND 106; SAP CRM WebClient UI versions WEBCUIF 701 through WEBCUIF 801. Description: The SAP CRM WebClient UI does not sufficiently encode user-controlled inputs, resulting in a Cross-Site...

CVSS 4.1 · AI score 5.8 · EPSS 0.00222
Exploits 0 · References 7
Positive Technologies
added 2024/02/12 12:00 a.m. · 1 views

PT-2024-4069 · Sap · Sap Nwbc For Html

Name of the Vulnerable Software and Affected Versions: SAP NWBC for HTML - versions SAP UI 754 through SAP UI 758; SAP NWBC for HTML - versions SAP BASIS 700 through SAP BASIS 702; SAP NWBC for HTML - version SAP BASIS 731. Description: The issue arises from insufficient encoding of user-controlled...

CVSS 6.1 · AI score 5.7 · EPSS 0.01258
Exploits 0 · References 8
Github Security Blog
added 2024/02/08 6:46 p.m. · 38 views

Rancher API Server Cross-site Scripting Vulnerability

Impact: A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. The attack vector was identifi...

CVSS 8.3 · AI score 6.1 · EPSS 0.00347
Exploits 0 · References 10 · Affected Software 1
Vulnrichment
added 2024/01/26 10:18 a.m. · 7 views

CVE-2024-23894 Cross-Site Scripting (XSS) vulnerability in Cups Easy

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancecreate.php, in the issuancedate parameter. Exploitation of this...

CVSS 8.2 · AI score 7.1 · EPSS 0.00051
Exploits 0 · References 1
NVD
added 2024/01/26 10:15 a.m. · 7 views

CVE-2024-23889

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemgroupcreate.php, in the itemgroupid parameter. Exploitation of this...

CVSS 8.2 · AI score 7.2 · EPSS 0.0007
Exploits 0 · References 1
NVD
added 2024/01/26 9:15 a.m. · 10 views

CVE-2024-23860

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencylist.php, in the description parameter. Exploitation of this vulnerability...

CVSS 8.2 · AI score 7.2 · EPSS 0.00051
Exploits 0 · References 1
Vulnrichment
added 2024/01/26 9:13 a.m. · 2 views

CVE-2024-23874 Cross-Site Scripting (XSS) vulnerability in Cups Easy

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/companymodify.php, in the address1 parameter. Exploitation of this vulnerability...

CVSS 8.2 · AI score 7.1 · EPSS 0.00051
Exploits 0 · References 1
NVD
added 2024/01/25 2:15 p.m. · 12 views

CVE-2024-23855

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodemodify.php, in multiple parameters. Exploitation of this vulnerability coul...

CVSS 8.2 · AI score 7.2 · EPSS 0.00051
Exploits 0 · References 1
OSV
added 2024/01/25 12:15 p.m. · 4 views

CVE-2023-6282

IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileuploadpage.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially...

CVSS 6.1 · AI score 5.7
Exploits 0 · References 1
Vulnrichment
added 2024/01/25 11:37 a.m. · 9 views

CVE-2023-6282 Cross-Site Scripting vulnerability in IceHrm

IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileuploadpage.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially...

CVSS 5.4 · AI score 5.9 · EPSS 0.00076
Exploits 0 · References 1
Positive Technologies
added 2024/01/25 12:00 a.m. · 3 views

PT-2024-14924 · Ice Hrm · Ice Hrm

Name of the Vulnerable Software and Affected Versions: IceHrm version 23.0.0.OS. Description: The issue arises from insufficient encoding of user-controlled input, leading to a Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited via the /icehrm/app/fileuploadpage.php...

CVSS 6.1 · AI score 5.9 · EPSS 0.00076
Exploits 0 · References 5
CNNVD
added 2024/01/25 12:00 a.m. · 1 views

Cups Easy Cross-Site Scripting Vulnerability

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. A cross-site scripting vulnerability exists in Cups Easy version 1.0, which stems from insufficiently encoded user-controlled input that results in multiple parameters in...

CVSS 8.2 · AI score 6.3 · EPSS 0.00051
Exploits 0 · References 2
OSV
added 2024/01/09 2:15 a.m. · 0 views

CVE-2024-21738

SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation...

CVSS 5.4 · AI score 5.8
Exploits 0 · References 2
CNNVD
added 2024/01/09 12:00 a.m. · 1 views

SAP NetWeaver ABAP Server Cross-Site Scripting Vulnerability

SAP NetWeaver ABAP Server is a Web application server from the German company SAP, used for SAP products. A cross-site scripting (XSS) vulnerability exists in SAP NetWeaver ABAP Server, which stems from insufficient encoding of user-controlled input. An...

CVSS 5.4 · AI score 5.5 · EPSS 0.00198
Exploits 0 · References 3
OSV
added 2023/12/12 2:15 a.m. · 0 views

CVE-2023-49577

The SAP HCM SMART PAYE solution - versions S4HCMCIE 100, SAPHRCIE 600, SAPHRCIE 604, SAPHRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and...

CVSS 6.1 · AI score 5.8
Exploits 0 · References 2
OSV
added 2023/11/30 2:15 p.m. · 12 views

CVE-2023-6428

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 1
OSV
added 2023/11/30 2:15 p.m. · 0 views

CVE-2023-6422

A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/patientsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking use...

CVSS 5.4 · AI score 5.7
Exploits 0 · References 1