Cross site scripting
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status - Active Client Table" page via the hostname field in a DHCP request...
CVE-2018-15874
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status - Active Client Table" page via the hostname field in a DHCP request...
CVE-2018-15875
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request...
CVE-2018-15874
The connected CNVD entry describes a Cross-Site Scripting (XSS) vulnerability in D-Link DIR-615 routers using version 20.07, exploitable by injecting JavaScript into the Status → Active Client Table via the hostname field in DHCP requests. Affected component: the DHCP hostname handling on DIR-615...
Cross-site scripting vulnerability in multiple IBM products (CNVD-2018-24626)
IBM Rational Collaborative Lifecycle Management (CLM) is a set of collaborative lifecycle management solutions. Rational Quality Manager (RQM) is a set of collaborative, web-based quality management solutions. IBM Rational Collaborative Lifecycle Management CLM is a collaborative lifecycle management...
Cross-Site Scripting (XSS)
This is due to unescaped quotes in dojox/Grid/DataGrid when editing rows, which would allow an attacker to inject arbitrary HTML and JavaScript into a victim's browser, making dojox vulnerable to cross-site scripting...
CVE-2018-10139
The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected...
IBM Rhapsody Model Manager Cross-Site Scripting Vulnerability
IBM Rhapsody Model Manager is a suite of collaborative design model management software from IBM. The software supports the use of centralized system repositories for storing, sharing, searching and managing design models, as well as automated software design reviews. A cross-site scripting...
IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2018-14693)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A cross-site...
WordPress Mondula Multi Step Form Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up a personal blog site on PHP and MySQL servers. Mondula Multi Step Form is a drag-and-drop form builder plugin for it. A cross-site scripting...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2018-13986)
IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting vulnerability exists in IBM Sterling B...
Storage-based Cross-site Scripting Vulnerability in School Worry-free Enterprise Website System v1.7
School carefree enterprise website system Xiao5uCompany is a website building system for companies and enterprises. A stored cross-site scripting vulnerability exists in XiaowuCompany v1.7. An attacker can use the vulnerability to insert malicious JavaScript code into the page, obtain user cooki...
IBM Rational Rhapsody Design Manager and IBM Rational Software Architect Design Manager Cross-Site Scripting Vulnerabilities
IBM Rational Rhapsody Design Manager is collaborative design management software built on the IBM Jazz platform that helps design team members and stakeholders share, track, review, and manage designs. IBM Rational Software Architect Design Manager is an IBM Rational Software Architect Design Manag...
Atlassian JIRA Server Cross-Site Scripting Vulnerability (CNVD-2018-18120)
Atlassian JIRA Server is a defect tracking management system from Atlassian Australia. The system is mainly used to track and manage all kinds of problems and defects in the work. A cross-site scripting vulnerability exists in the IncomingMailServers resource in Atlassian JIRA Server. A remote...
CVE-2017-17541
A cross-site scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows injection of JavaScript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature...
CVE-2018-5229
The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the name of user-submitted add-on names...
macOS/iOS - JavaScript Injection Bug in OfficeImporter
QuickLook is a widely used feature in macOS/iOS which allows you to preview various formats such as pdf, docx, pptx, etc. The way it displays office files is quite interesting. First it parses the office file and converts it to HTML code using OfficeImport and renders it using WebKit. The...
macOS/iOS - JavaScript Injection Bug in OfficeImporter
QuickLook is a widely used feature in macOS/iOS which allows you to preview various formats such as pdf, docx, pptx, etc. The way it uses to show office files is quite interesting. First it parses the office file and converts it to HTML code...