CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

892 matches found

CVE•added 2019/05/14 2:35 p.m.•46 views

CVE-2019-6514

The CVE-2019-6514 entry affects WSO2 Dashboard Server 2.0.0 and describes a stored XSS flaw: a JavaScript payload can be injected and stored in the database, then displayed and executed on the same page. The documentation notes remediation via security patch releases from WSO2 (see references). N...

4.8CVSS5AI score0.00892EPSS

Exploits0References3Affected Software1

CNVD•added 2019/05/03 12:0 a.m.•2 views

Storage-based Cross-site Scripting Vulnerability in the Frontend of Feifei Movie Navigation System

FeiFeiCms is developed by PHP+Mysql technology and can run on windows and Linux system platform. A stored cross-site scripting vulnerability exists in the frontend of FeiFeiCms. Attackers can insert malicious js code into the page to obtain user cookies and other information, resulting in user...

6.3AI score

Exploits0

0day.today•added 2019/02/15 12:0 a.m.•39 views

DomainMOD 4.11.01 - ssl-provider-name Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to v4.11.01 CVE :...

3.5CVSS5.5AI score0.04448EPSS

Exploits6

Packet Storm•added 2019/01/24 12:0 a.m.•86 views

CA AWI 12.0 / 12.1 / 12.2 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Cross-site scripting product: CA Automic Workload Automation Web Interface AWI formerly Automic Automation Engine, UC4 vulnerable version: 12.0, 12.1, 12.2 fixed version:...

0.3AI score0.02008EPSS

Exploits1

n0where•added 2019/01/22 3:47 a.m.•324 views

Flexible and Powerful Reverse Proxy: Modlishka

Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level. It was realeased with an aim to: help penetration testers to carry out an effective phishing campaign and reinforce the fact that serious threat can arise from phishing. show current 2FA...

1.8AI score

Exploits0References2

Prion•added 2019/01/03 10:29 p.m.•19 views

Hardcoded credentials

Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allows an unauthenticated attacker using the administrative web interface to insert an HTML/Javascript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visit...

4.3CVSS6.9AI score0.00913EPSS

Exploits0References2

Cvelist•added 2019/01/03 10:0 p.m.•28 views

CVE-2018-18997

6.3AI score0.00913EPSS

Exploits0References2

OSV•added 2018/12/20 10:1 p.m.•12 views

GHSA-J5RJ-G695-342R Fat Free CRM vulnerable to Cross-site Scripting

FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, and ==0.18.0 contains a Cross Site Scripting XSS vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appears to be exploitable via Content with Javascript payload will be executed...

6.1CVSS6.1AI score0.01687EPSS

Exploits0References7

0day.today•added 2018/12/12 12:0 a.m.•86 views

DomainMOD 4.11.01 - Cross-Site Scripting Vulnerability

5.6AI score0.01762EPSS

Exploits5

Exploit DB•added 2018/12/11 12:0 a.m.•36 views

DomainMOD 4.11.01 - Cross-Site Scripting

Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to v4.11.01 CVE : CVE-2018-19913 A Stored Cross-site...

4.8CVSS5.5AI score0.01762EPSS

Exploits5

exploitpack•added 2018/12/09 12:0 a.m.•33 views

DomainMOD 4.11.01 - DisplayName Cross-Site Scripting

DomainMOD 4.11.01 - DisplayName Cross-Site Scripting Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/domainmod/domainmod Version: v4.09.03 t...

3.5CVSS5.4AI score0.01514EPSS

Exploits5

Prion•added 2018/12/04 5:29 p.m.•11 views

Cross site scripting

Two XSS vulnerabilities are located in the profile edition page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application. By injecting a JavaScript payload, these flaws could be used to manipulate a user's session...

3.5CVSS5.4AI score0.00622EPSS

Exploits1References1Affected Software1

NVD•added 2018/12/04 5:29 p.m.•12 views

CVE-2018-11348

5.4CVSS5.5AI score0.00622EPSS

Exploits1References1

Cvelist•added 2018/12/04 5:0 p.m.•20 views

CVE-2018-11348

5.5AI score0.00622EPSS

Exploits1References1

exploitpack•added 2018/12/04 12:0 a.m.•23 views

DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting

DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version:...

3.5CVSS5.3AI score0.03316EPSS

Exploits6

Exploit DB•added 2018/12/04 12:0 a.m.•36 views

DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting

Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/domainmod/domainmod Version: v4.09.03 to v4.11.01 CVE : CVE-2018-19749 A Stored Cross-site...

4.8CVSS5.5AI score0.03331EPSS

Exploits6

OSV•added 2018/10/04 9:29 p.m.•1 views

CVE-2018-17849

Navigate CMS 2.8 has Stored XSS via a navigateupload.php aka File Upload request with a multipart/form-data JavaScript payload...

5.4CVSS5.8AI score0.00545EPSS

Exploits1References1

NVD•added 2018/10/04 9:29 p.m.•15 views

CVE-2018-17849

Navigate CMS 2.8 has Stored XSS via a navigateupload.php aka File Upload request with a multipart/form-data JavaScript payload...

5.4CVSS5.2AI score0.00545EPSS

Exploits1References1

CVE•added 2018/10/04 8:0 p.m.•43 views

CVE-2018-17849

Navigate CMS 2.8 is affected by a Stored XSS vulnerability in the navigate_upload.php (File Upload) request, triggered by a multipart/form-data JavaScript payload. The CVE-2018-17849 entry documents the issue, but the provided sources do not include a concrete fix or patched version. No exploitat...

5.4CVSS5.1AI score0.00545EPSS

Exploits1References1Affected Software1

OSV•added 2018/09/28 12:29 a.m.•24 views

CVE-2018-14037

Cross-site scripting XSS vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload...

6.1CVSS6AI score0.01174EPSS

Exploits2References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by