Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5782 matches found

Veeam
Veeamadded 2018/12/24 12:0 a.m.10 views

Veeam Explorer for Microsoft Exchange Javascript Execution Vulnerability

Challenge The vulnerability allows execution of arbitrary code in emails containing inline Javascript. NOTE: This has been corrected in Veeam Backup for MIcrosoft Office 365 version 3 and Veeam Backup & Replication version U4a. Cause The affected component is Veeam Explorer for Microsoft Exchange...

7.1AI score
Exploits0
CNVD
CNVDadded 2018/12/24 12:0 a.m.0 views

LimeSurvey cross-site scripting vulnerability (CNVD-2018-26471)

LimeSurvey formerly known as PHPSurveyor is a set of open source online survey program developed by the LimeSurvey team, which supports survey program development, questionnaire distribution and data collection. A cross-site scripting vulnerability exists in LimeSurvey. A remote attacker can...

6.1CVSS6.5AI score0.00408EPSS
Exploits0References1
OSV
OSVadded 2018/12/21 11:29 p.m.12 views

CVE-2018-20322

LimeSurvey version 3.15.5 contains a Cross-site scripting XSS vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. Fixed in version 3.15.6...

6.1CVSS6.4AI score
Exploits0References2
CVE
CVEadded 2018/12/21 10:0 p.m.40 views

CVE-2018-20322

LimeSurvey 3.15.5 contains a cross-site scripting (XSS) vulnerability in the Survey Resource ZIP upload, allowing potentially executable JavaScript against LimeSurvey administrators. The issue is caused by insufficient input sanitization during ZIP upload of survey resources. The vulnerability is...

6.1CVSS6.3AI score0.00408EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessusadded 2018/12/21 12:0 a.m.25 views

Foxit PhantomPDF < 7.3.13 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 7.3.13. It is, therefore, affected by multiple vulnerabilities: - Unauthorized javascript execution when disabled. - Arbitrary Write supporting remote code...

5.9AI score
Exploits0References1
OSV
OSVadded 2018/12/20 10:1 p.m.12 views

GHSA-J5RJ-G695-342R Fat Free CRM vulnerable to Cross-site Scripting

FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, and ==0.18.0 contains a Cross Site Scripting XSS vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appears to be exploitable via Content with Javascript payload will be executed...

6.1CVSS6.1AI score0.00436EPSS
Exploits0References7
Github Security Blog
Github Security Blogadded 2018/12/20 10:1 p.m.30 views

Fat Free CRM vulnerable to Cross-site Scripting

FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, and ==0.18.0 contains a Cross Site Scripting XSS vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appears to be exploitable via Content with Javascript payload will be executed...

6.1CVSS6AI score0.00436EPSS
Exploits0References7Affected Software1
NVD
NVDadded 2018/12/20 5:29 p.m.12 views

CVE-2018-1000868

WeBid version up to current version 1.2.2 contains a Cross Site Scripting XSS vulnerability in userlogin.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must clic...

6.1CVSS6.3AI score0.00482EPSS
Exploits1References3
Prion
Prionadded 2018/12/20 5:29 p.m.11 views

Cross site scripting

WeBid version up to current version 1.2.2 contains a Cross Site Scripting XSS vulnerability in userlogin.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must clic...

4.3CVSS6.3AI score0.00482EPSS
Exploits1References3Affected Software1
OSV
OSVadded 2018/12/20 5:29 p.m.14 views

CVE-2018-1000868

WeBid version up to current version 1.2.2 contains a Cross Site Scripting XSS vulnerability in userlogin.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must clic...

6.1CVSS6.3AI score
Exploits0References3
Cvelist
Cvelistadded 2018/12/20 5:0 p.m.12 views

CVE-2018-1000868

WeBid version up to current version 1.2.2 contains a Cross Site Scripting XSS vulnerability in userlogin.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must clic...

6.3AI score0.00482EPSS
Exploits1References3
OSV
OSVadded 2018/12/20 3:29 p.m.11 views

CVE-2018-1000842

FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, ==0.18.0 contains a Cross Site Scripting XSS vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appear to be exploitable via Content with Javascript payload will be executed on e...

6.1CVSS6.2AI score
Exploits0References4
NVD
NVDadded 2018/12/20 3:29 p.m.8 views

CVE-2018-1000842

FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, ==0.18.0 contains a Cross Site Scripting XSS vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appear to be exploitable via Content with Javascript payload will be executed on e...

6.1CVSS6.2AI score0.00436EPSS
Exploits0References4
Prion
Prionadded 2018/12/20 3:29 p.m.11 views

Improper access control

Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript in contentsettingsobserver.cc that can result in Websites can run inline JavaScript even if script is blocked, making attackers easier to track user...

4.3CVSS4.8AI score0.00291EPSS
Exploits0References3Affected Software1
Prion
Prionadded 2018/12/20 3:29 p.m.10 views

Cross site scripting

FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, ==0.18.0 contains a Cross Site Scripting XSS vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appear to be exploitable via Content with Javascript payload will be executed on e...

4.3CVSS6.1AI score0.00436EPSS
Exploits0References4Affected Software1
Cvelist
Cvelistadded 2018/12/20 3:0 p.m.11 views

CVE-2018-1000813

Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting XSS vulnerability in Sanitization of custom class names used on blocks and layouts. that can result in Execution of JavaScript from an unexpected source.. This attack appear to be exploitable via A user must be directed to an...

5.1AI score0.00457EPSS
Exploits0References1
CNVD
CNVDadded 2018/12/17 12:0 a.m.1 views

Pixars Tractor Cross-Site Scripting Vulnerability

Pixars Tractor is a web rendering solution. The product includes features such as resource sharing controls, Python module extensions, and more. A cross-site scripting vulnerability exists in Pixars Tractor 2.2 and prior versions, which can be exploited by remote attackers to inject and execute...

5.4CVSS6.7AI score0.00215EPSS
Exploits0References1
OSV
OSVadded 2018/12/11 4:29 p.m.4 views

CVE-2018-18342

Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

8.8CVSS8.9AI score
Exploits0References6
Prion
Prionadded 2018/12/11 4:29 p.m.15 views

Design/Logic Flaw

Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

6.8CVSS8.7AI score0.01886EPSS
Exploits0References6Affected Software5
UbuntuCve
UbuntuCveadded 2018/12/11 4:29 p.m.19 views

CVE-2018-18347

Incorrect handling of failed navigations with invalid URLs in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to trick a user into executing javascript in an arbitrary origin via a crafted HTML page...

8.8CVSS7.3AI score0.01563EPSS
Exploits0References1
Rows per page
Query Builder