881 matches found

Prion
added 2023/08/11 2:15 p.m., 18 views

Cross site scripting

Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...

5.8 CVSS, 6.2 AI score, 0.01385 EPSS
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2023/08/11 12:00 a.m., 28 views

CVE-2020-27449

CVE-2020-27449 affects Zoho ManageEngine Password Manager Pro (version 11.0.0.1, Query Report feature). The issue is a Cross-Site Scripting (XSS) vulnerability stemming from insufficient input filtering/escaping in the Query Report function that could allow remote attackers to execute arbitrary w...

6.1 CVSS, 6.1 AI score, 0.01385 EPSS
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2023/08/11 12:00 a.m., 9 views

CVE-2020-27449

Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...

6.5 AI score, 0.01385 EPSS
Exploits: 0, References: 2
Cvelist
added 2023/08/11 12:00 a.m., 12 views

CVE-2020-27449

Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload...

6.2 AI score, 0.01385 EPSS
Exploits: 0, References: 2
wpexploit
added 2023/07/17 12:00 a.m., 157 views

Bubble Menu < 3.0.5 - Admin+ Stored XSS

Description: The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). 1. Click on the "Add new" tab. 2...

4.8 CVSS, 4.8 AI score, 0.01787 EPSS
Exploits: 2
WPVulnDB
added 2023/07/17 12:00 a.m., 12 views

Bubble Menu < 3.0.5 - Admin+ Stored XSS

Description: The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). PoC: 1. Click on the "Add new" tab...

4.8 CVSS, 4.8 AI score, 0.01787 EPSS
Exploits: 2, Affected Software: 1
OSV
added 2023/07/06 7:24 p.m., 23 views

GHSA-7J6X-42MM-P7JM Zinc Cross-site Scripting vulnerability

In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross-Site Scripting when using the delete template functionality. When an authenticated user deletes a template with a XSS payload in the name field, the Javascript payload will be executed and allow an attacker to access the user’...

5.4 CVSS, 4.9 AI score, 0.00442 EPSS
Exploits: 0, References: 4
wpexploit
added 2023/06/26 12:00 a.m., 212 views

Floating Chat Widget < 3.1.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Steps to Reproduce: 1. Open Chaty Plugin Dashboard...

4.8 CVSS, 5.5 AI score, 0.00113 EPSS
Exploits: 2
NVD
added 2023/06/14 5:15 p.m., 11 views

CVE-2023-0010

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link...

5.4 CVSS, 5.1 AI score, 0.00817 EPSS
Exploits: 0, References: 1
Prion
added 2023/06/14 5:15 p.m., 17 views

Cross site scripting

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link...

4.9 CVSS, 5.1 AI score, 0.00817 EPSS
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2023/06/14 4:31 p.m., 11 views

CVE-2023-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link...

5.4 CVSS, 5.2 AI score, 0.00817 EPSS
Exploits: 0, References: 1
Cvelist
added 2023/06/14 4:31 p.m., 11 views

CVE-2023-0010 PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link...

5.4 CVSS, 5.3 AI score, 0.00817 EPSS
Exploits: 0, References: 1
CVE
added 2023/06/14 4:31 p.m., 66 views

CVE-2023-0010

CVE-2023-0010 is a reflected XSS in Palo Alto Networks PAN-OS Captive Portal. The vulnerability arises from inadequate filtering/escaping of user data in the Captive Portal page, allowing an attacker to execute JavaScript in the context of an authenticated user when they click a crafted link. Aff...

5.4 CVSS, 5.1 AI score, 0.00817 EPSS
Exploits: 0, References: 1, Affected Software: 1
Palo Alto Networks
added 2023/06/14 4:00 p.m., 22 views

PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in Captive Portal Authentication

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link. Work around:...

5.4 CVSS, 5.6 AI score, 0.00817 EPSS
Exploits: 0, References: 1
NVD
added 2023/05/10 5:15 p.m., 10 views

CVE-2023-0007

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed...

6.5 CVSS, 6 AI score, 0.01096 EPSS
Exploits: 0, References: 1
Prion
added 2023/05/10 5:15 p.m., 17 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed...

4.3 CVSS, 4.7 AI score, 0.01096 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2023/05/10 4:30 p.m., 17 views

CVE-2023-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed...

6.5 CVSS, 6.1 AI score, 0.01096 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2023/05/10 4:30 p.m., 10 views

CVE-2023-0007 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed...

6.5 CVSS, 5.5 AI score, 0.01096 EPSS
Exploits: 0, References: 1
CNNVD
added 2023/05/10 12:00 a.m., 2 views

Palo Alto Networks PAN-OS Cross-Site Scripting Vulnerability

Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. Palo Alto Networks PAN-OS suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an...

6.5 CVSS, 6 AI score, 0.01096 EPSS
Exploits: 0, References: 2
NVD
added 2023/05/01 10:15 p.m., 9 views

CVE-2023-27108

An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allow...

5.3 CVSS, 5.2 AI score, 0.0022 EPSS
Exploits: 1, References: 2