
5082 matches found

Prion
added 2023/01/27 10:15 p.m. · 15 views

Cross site scripting

Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The...

CVSS 5.8 · AI score 6 · EPSS 0.0047
Exploits 1 · References 1 · Affected Software 1
Vulnrichment
added 2023/01/27 12:0 a.m. · 6 views

CVE-2022-39813

Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The...

AI score 6.1 · EPSS 0.0047
Exploits 1 · References 1
OSV
added 2023/01/26 9:18 p.m. · 4 views

CVE-2023-22971

Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate...

CVSS 6.1 · AI score 6.4 · EPSS 0.00675
Exploits 2 · References 2
WPVulnDB
added 2023/01/25 12:0 a.m. · 11 views

Loan Comparison < 1.5.2 - Reflected XSS via shortcode

The plugin does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject JavaScript into the site via a crafted URL. PoC Create a page "Test" containing the shortcode "loancomparison",...

CVSS 6.1 · AI score 5.9 · EPSS 0.00486
Exploits 2 · Affected Software 1
OSV
added 2023/01/24 7:58 a.m. · 8 views

MGASA-2023-0014 Updated php-smarty packages fix security vulnerability

It was discovered that there was a potential cross-site scripting vulnerability in smarty3, a widely-used PHP templating engine. In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized...

CVSS 5.4 · AI score 5.9 · EPSS 0.00802
Exploits 1 · References 4
Positive Technologies
added 2023/01/24 12:0 a.m. · 6 views

PT-2023-5523 · Nozomi · Nozomi Central Management Console +1

Name of the Vulnerable Software and Affected Versions: Nozomi Guardian and Nozomi Central Management Console (CMC) (affected versions not specified). Description: An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the...

CVSS 8.7 · AI score 5.4 · EPSS 0.00284
Exploits 0 · References 8
Tenable Nessus
added 2023/01/20 12:0 a.m. · 41 views

openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2022:1396-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1396-1 advisory. - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote...

CVSS 9.8 · AI score 7.7 · EPSS 0.99951
Exploits 47 · References 33
NVD
added 2023/01/19 6:15 p.m. · 26 views

CVE-2022-47196

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this...

CVSS 9 · AI score 6.3 · EPSS 0.00682
Exploits 1 · References 2
OSV
added 2023/01/19 6:15 p.m. · 18 views

CVE-2022-47196

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 2
OSV
added 2023/01/19 6:15 p.m. · 9 views

CVE-2022-47195

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 2
OSV
added 2023/01/19 6:15 p.m. · 21 views

CVE-2022-47197

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 2
NVD
added 2023/01/19 6:15 p.m. · 19 views

CVE-2022-47194

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this...

CVSS 9 · AI score 6.3 · EPSS 0.00823
Exploits 1 · References 2
Prion
added 2023/01/19 6:15 p.m. · 13 views

Cross site scripting

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this...

CVSS 4.9 · AI score 5.4 · EPSS 0.01024
Exploits 1 · References 1 · Affected Software 1
Prion
added 2023/01/19 6:15 p.m. · 18 views

Cross site scripting

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this...

CVSS 4.9 · AI score 5.4 · EPSS 0.00682
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2023/01/19 5:2 p.m. · 31 views

CVE-2022-47197

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this...

CVSS 9 · AI score 5.6 · EPSS 0.01024
Exploits 1 · References 1
Vulnrichment
added 2023/01/19 5:2 p.m. · 5 views

CVE-2022-47196

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this...

CVSS 9 · AI score 6.1 · EPSS 0.00682
Exploits 1 · References 1
Vulnrichment
added 2023/01/19 5:2 p.m. · 5 views

CVE-2022-47195

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary JavaScript in posts, which allows privilege escalation to administrator via XSS. To trigger this...

CVSS 9 · AI score 6.1 · EPSS 0.00682
Exploits 1 · References 1
CVE
added 2023/01/19 5:2 p.m. · 69 views

CVE-2022-47194

CVE-2022-47194 affects Ghost Foundation Ghost 5.9.4. A stored XSS flaw exists in the Post Creation workflow and in the user’s twitter field, enabling non-administrator users to inject JavaScript into posts which can escalate to administrator privileges when the affected post is viewed. Exploitati...

CVSS 9 · AI score 5.4 · EPSS 0.00823
Exploits 1 · References 2 · Affected Software 1
CNNVD
added 2023/01/19 12:0 a.m. · 3 views

Ghost Foundation Ghost cross-site scripting vulnerability

Ghost Foundation Ghost is an open source personal blog system written in JavaScript by Ghost. A cross-site scripting vulnerability exists in Ghost Foundation Ghost version 5.9.4. An attacker can exploit this vulnerability by sending HTTP requests that inject JavaScript into posts to trick administrators...

CVSS 9 · AI score 7 · EPSS 0.01024
Exploits 1 · References 3
CNNVD
added 2023/01/19 12:0 a.m. · 2 views

Ghost Foundation Ghost cross-site scripting vulnerability

Ghost Foundation Ghost is an open source personal blogging system written in JavaScript. A security vulnerability exists in Ghost Foundation Ghost 5.9.4, which stems from an insecure default vulnerability in the post creation feature of Ghost Foundation Ghost 5.9.4. The default installation ...

CVSS 9 · AI score 7.4 · EPSS 0.00682
Exploits 1 · References 3