CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5057 matches found

UbuntuCve•added 2022/01/15 5:15 p.m.•19 views

CVE-2020-28919

A stored cross site scripting XSS vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an authenticated remote attacker to inject arbitrary JavaScript via a javascript: URL in a view title...

5.4CVSS5.6AI score0.00229EPSS

Exploits1References5

0day.today•added 2022/01/13 12:0 a.m.•298 views

Hospitals Patient Records Management System 1.0 - (room_list) Stored XSS Vulnerability

Exploit Title: Hospitals Patient Records Management System 1.0 - 'roomlist' Stored Cross Site Scripting XSS Exploit Author: Sant268 Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score

Exploits0

Packet Storm•added 2022/01/13 12:0 a.m.•254 views

Hospitals Patient Records Management System 1.0 Cross Site Scripting

Exploit Title: Hospitals Patient Records Management System 1.0 - 'doctors' Stored Cross Site Scripting XSS Exploit Author: Sant268 Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score

Exploits0

SonarSource Blog•added 2022/01/11 12:0 a.m.•115 views

WordPress 5.8.2 Stored XSS Vulnerability

WordPress is the world’s most popular content management system that, according to w3techs, is used by over 40% of all websites. This wide adoption makes it a top target for cyber criminals who seek to compromise high-traffic websites or infect as many web servers as possible. Its code is heavily...

3.5CVSS7.4AI score0.14241EPSS

Exploits0

Veracode•added 2022/01/10 3:29 a.m.•19 views

Cross-site Scripting (XSS)

mvcbean-jsp-portlet-archetype is vulnerable to cross-site scripting. The library does not properly escape the user input firstName and lastName parameters in greeting.jspx, allowing an attacker to inject and execute malicious javascript...

6.1CVSS4.9AI score0.0601EPSS

Exploits0References3Affected Software1

Cvelist•added 2022/01/04 2:40 a.m.•16 views

CVE-2021-43942

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting XSS vulnerability in the /rest/collectors/1.0/template/custom endpoint. To exploit this issue, the attacker must trick a user into visiting...

6.1AI score0.00456EPSS

Exploits0References1

CNNVD•added 2022/01/04 12:0 a.m.•4 views

OroPlatform 注入漏洞

OroPlatform is a PHP Business Application Platform BAP designed to make the development of custom business applications easier and faster. OroPlatform suffers from a security vulnerability that stems from the software's lack of effective filtering and escaping of JavaScript attributes. By sending...

8.8CVSS8.4AI score0.00626EPSS

Exploits0References3

Huntr•added 2021/12/30 11:24 p.m.•8 views

Cross-site Scripting (XSS) - Stored in zikula/core

Description When inputting a name for a module category whether editing an existing one or adding a new one, you're able to inject your own Javascript, leading to it being executed. An example payload that you can enter is: xss and then each time that you click the category to expand it, your...

Exploits0

Prion•added 2021/12/28 2:15 p.m.•23 views

Cross site scripting

A persistent cross-site scripting XSS issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268...

4.3CVSS5.9AI score0.00723EPSS

Exploits2References3Affected Software1

OSV•added 2021/12/21 7:15 p.m.•1 views

CVE-2021-38966

IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212357...

5.4CVSS6.9AI score

Exploits0References2

Veracode•added 2021/12/21 1:33 p.m.•20 views

Cross-site Scripting (XSS)

epiphany is vulnerable to cross-site scripting. An attacker is able to exploit the vulnerability by getting a user to visit an XSS payload page often enough to place that page on the most visited list to inject and execute arbitrary javascript...

6.1CVSS2AI score0.00288EPSS

Exploits1References5Affected Software2

CNNVD•added 2021/12/21 12:0 a.m.•2 views

Fresenius Kabi Agilia Connect Infusion System 跨站脚本漏洞

Fresenius Kabi Agilia Connect Infusion System is an infusion system from the German company Fresenius Kabi.A cross-site scripting vulnerability exists in Fresenius Kabi Agilia Connect Infusion System, which can be exploited by attackers to inject JavaScript into the GET parameter of HTTP request'...

6.1CVSS5.2AI score0.00171EPSS

Exploits0References5

NVD•added 2021/12/20 3:15 a.m.•7 views

CVE-2021-44163

Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS reflected Cross-site scripting attack without authentication...

6.1CVSS0.00192EPSS

Exploits0References1

Prion•added 2021/12/20 3:15 a.m.•14 views

Cross site scripting

4.3CVSS6.1AI score0.00192EPSS

Exploits0References1

CNNVD•added 2021/12/20 12:0 a.m.•2 views

Chain Sea Ai Chatbot System跨站脚本漏洞

Chain Sea Ai Chatbot System is an intelligent human customer service software from Chain Sea, China. Chain Sea Ai Chatbot System is vulnerable to a cross-site scripting vulnerability, which is caused by the product not filtering special characters in URL parameters and can be exploited for JS...

6.1CVSS5.2AI score0.00192EPSS

Exploits0References1

CNNVD•added 2021/12/14 12:0 a.m.•2 views

UiPath Assistant 注入漏洞

UiPath Assistant is a specialized tool for UiPath designed to make it easy and fun for users to interact with bots from the desktop. UiPath Assistant 21.4.4 suffers from a security vulnerability that stems from user control data provided to the --process-start parameter of the uipath-assistant://...

9.8CVSS8.4AI score0.00607EPSS

Exploits0References2

CNVD•added 2021/12/13 12:0 a.m.•20 views

Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2021-99662)

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A cross-site scripting vulnerability exists,...

6.1CVSS0.6AI score0.00374EPSS

Exploits0References1

Snyk•added 2021/12/08 3:18 p.m.•1 views

Malicious Package

Overview discordjs-lofy is a malicious package. This package injecting malicious Javascript code into the Discord client. Remediation Avoid using all malicious instances of the discordjs-lofy package...

9.8CVSS7.1AI score

Exploits0References2

Veracode•added 2021/12/02 2:16 p.m.•14 views

Cross-Site Scripting (XSS)

kevinpapst/kimai2 is vulnerable to cross-site scripting. The vulnerability exists in commentContent function of MarkdownExtension.php because the markdown doesn't use safe mode which allows an attacker to inject and execute arbitrary javascript...

9CVSS3.3AI score0.00433EPSS

Exploits1References4Affected Software1

Veracode•added 2021/12/02 2:48 a.m.•18 views

Cross-site Scripting (XSS)

kevinpapst/kimai2 is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the project, customer, and activity attributes in the setEntries function of KimaiRecentActivities.js as it does not properly escape the user inputs...

6.1CVSS2.8AI score0.00206EPSS

Exploits1References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by