Shopify: Preview bar: Incomplete message origin validation results in XSS
The JavaScript code at https://cdn.shopify.com/s/assets/storefront/bars/previewbarinjector-73a4756a265c637c998799750759ae548e7f68b136e8e93e83132904afc3d30d.js loaded by the shop front when a theme is previewed installs a message event listener. The following check is used to reject invalid event...
IBM Rational Team Concert Cross-Site Scripting Vulnerability (CNVD-2018-23254)
IBM Rational Team Concert (RTC) is a Jazz-based platform from IBM (USA) that supports real-time collaboration for decentralized teams in software lifecycle management. A cross-site scripting vulnerability exists in IBM RTC versions 5.0 through 5.0.2 and 6.0 through 6.0.5. A...
IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2018-23251)
IBM Rational Quality Manager is the collaborative center for business-driven software and system quality across virtually any platform and any type of test. The software helps teams seamlessly share information, use automation to accelerate projects, and report metrics for targeted release...
Fortinet FortiAnalyzer Cross-Site Scripting Vulnerability (CNVD-2018-13761)
Fortinet FortiManager and FortiAnalyzer are both products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution. A cross-site scripting vulnerability exists in Fortinet FortiManager version...
IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2018-23248)
IBM Rational Quality Manager is the collaborative center for business-driven software and system quality across virtually any platform and any type of test. The software helps teams seamlessly share information, use automation to accelerate projects, and report metrics for targeted release...
Pornhub: Stored XSS on the https://www.redtube.com/users/[profile]/collections
Researcher successfully closed the image 'alt' attribute and injected JavaScript by submitting an XSS payload as the collection title. This led to stored cross-site scripting on the user's collections page, executed against any users who visited the user's collections. The user's favorites page w...
Stored Cross-site Scripting Vulnerabilities in Qingdao Easoft Tianchuang Ranzhi Collaboration Management System (QDTMS)
Ranzhi Collaboration Management System is an enterprise coworking system. A stored cross-site scripting vulnerability exists in several places in Ranzhi Collaboration Management System. Attackers can insert malicious JavaScript code in the page to get user cookies and other information, resulting in user...
IBM FileNet Content Manager Cross-Site Scripting Vulnerability (CNVD-2018-13447)
IBM FileNet Content Manager is a content management solution for the FileNet P8 platform from IBM USA. The solution combines document management with ready-to-use workflow tools to manage images, video, Web content, compliance documents, and more. A cross-site scripting vulnerability exists in IB...
Jirafeau cross-site scripting vulnerability (CNVD-2018-13451)
Jirafeau is a file sharing website system. A cross-site scripting vulnerability exists in the search file by name form in Jirafeau versions prior to 3.4.1. A remote attacker can exploit this vulnerability to inject JavaScript and manipulate the user session...
IBM Planning Analytics Cross-Site Scripting Vulnerability
IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A cross-site scripting vulnerability exists in IBM Planning Analytics versions 2.0.0 through 2.0.4...
IBM RQM/RCLM Cross-Site Scripting Vulnerability (CNVD-2018-12635)
IBM Rational Quality Manager is a Web-based collaborative quality management solution. IBM Rational Collaborative Lifecycle Management is an application lifecycle management solution. A cross-site scripting vulnerability exists in the implementation of IBM Rational Quality Manager and IBM Rational...
PAN-OS cross-site scripting vulnerability (CNVD-2018-13464)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A cross-site scripting vulnerability exists in the PAN-OS session browser in Palo Alto Networks PAN-OS. An attacker could exploit this vulnerability to inject arbitrary JavaScript...
PAN-OS cross-site scripting vulnerability (CNVD-2018-13468)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A cross-site scripting vulnerability exists in the PAN-OS Web interface administration page in Palo Alto Networks PAN-OS. An attacker could exploit this vulnerability to inject...
CVE-2018-9337
The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML...
CVE-2018-7636
The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs...
CVE-2018-9335
The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML...
CVE-2018-7636
PAN-OS 8.0.10 and earlier are affected by CVE-2018-7636 — a Cross-Site Scripting flaw in the URL filtering “continue page” that allows injection of arbitrary JavaScript/HTML via crafted URLs. The issue affects PAN-OS 8.0.x (and not 8.1.x/7.1.x/6.1.x as stated in advisories) and is addressed by ve...
CVE-2018-9337
CVE-2018-9337 is an XSS vulnerability in the PAN-OS Web interface administration page. Affected PAN-OS: 6.1.20 and earlier; 7.1.17 and earlier; 8.0.10 and earlier; 8.1.1 and earlier. The issue allows an attacker to inject arbitrary JavaScript or HTML via the web interface. Exploitation requires p...
CVE-2017-1621
IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...
Cross-Site Scripting (XSS) in PAN-OS Management Web Interface
A Cross-Site Scripting (XSS) vulnerability exists in a PAN-OS web interface administration page. Ref. PAN-93242; CVE-2018-9337. Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML. An attacker would need to successfully authenticate prior to exploiting...