5077 matches found

CNNVD
added 2021/04/01 12:0 a.m. | 3 views

Devolutions Remote Desktop Manager Cross-Site Scripting Vulnerability

Devolutions Remote Desktop Manager is a remote desktop management tool that centralizes all remote connections on a platform that is securely shared between users and across teams. A cross-site scripting vulnerability exists in webviews in Devolutions Remote Desktop Manager versions prior to...

CVSS 5.4 | AI score 5.3 | EPSS 0.01149
Exploits: 0 | References: 2

NVD
added 2021/03/31 6:15 p.m. | 10 views

CVE-2021-21418

ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject JavaScript in the newsletter condition field that will then be executed on the front office. The issue has been fixed in 2.6.1...

CVSS 5.4 | EPSS 0.00786
Exploits: 0 | References: 4

Prion
added 2021/03/31 6:15 p.m. | 14 views

Race condition

ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject JavaScript in the newsletter condition field that will then be executed on the front office. The issue has been fixed in 2.6.1...

CVSS 3.5 | AI score 5.4 | EPSS 0.00786
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2021/03/31 5:35 p.m. | 62 views

CVE-2021-21418

CVE-2021-21418 concerns the PrestaShop module ps_emailsubscription. A cross-site scripting (XSS) vulnerability exists where an employee can inject JavaScript into the newsletter condition field, which is then executed on the front office. The issue has been fixed in module version 2.6.1.

CVSS 5.4 | AI score 4.9 | EPSS 0.00786
Exploits: 0 | References: 4 | Affected Software: 1

Huawei
added 2021/03/31 12:0 a.m. | 27 views

Security Advisory - JavaScript Injection Vulnerability in Huawei Smartphone

There is a JavaScript injection vulnerability in Huawei smartphone. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending malicious application request to launch JavaScript injection. This may compromise normal service. Vulnerability ID:...

CVSS 7.5 | AI score 7.7 | EPSS 0.00721
Exploits: 0 | Affected Software: 1

CNNVD
added 2021/03/31 12:0 a.m. | 3 views

Progi1984 ps_emailsubscription Cross-Site Scripting Vulnerability

Progi1984 ps_emailsubscription is an open source application from Progi1984 that provides an e-mail form. A security vulnerability exists in ps_emailsubscription that stems from the ability to inject JavaScript into the newsletter conditional field...

CVSS 5.4 | AI score 5.7 | EPSS 0.00786
Exploits: 0 | References: 5

NVD
added 2021/03/30 5:15 p.m. | 17 views

CVE-2021-20518

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198437...

CVSS 5.4 | EPSS 0.00502
Exploits: 0 | References: 2

CNVD
added 2021/03/30 12:0 a.m. | 6 views

Rocket.Chat Cross-Site Scripting Vulnerability (CNVD-2021-24250)

Rocket.Chat is an open source team chat software. A cross-site scripting vulnerability exists in versions prior to Rocket.Chat 3.11, 3.10.5, 3.9.7, and 3.8.8 that allows remote attackers to inject arbitrary JavaScript into messages...

CVSS 6.1 | AI score 6.1 | EPSS 0.017
Exploits: 0 | References: 1

Huntr
added 2021/03/26 11:57 a.m. | 8 views

Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system

✍️ Description A cross-site scripting XSS allows remote attackers to inject JavaScript via the "p0-end" Parameter 🕵️‍♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable Parameter: p0-end p1-end & p2-end end XSS...

AI score 2
Exploits: 0

Huntr
added 2021/03/26 11:52 a.m. | 15 views

Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system

✍️ Description A cross-site scripting XSS allows remote attackers to inject JavaScript via the "p0-start" Parameter 🕵️‍♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable Parameter: p0-start p1-start & p2-start...

AI score 2
Exploits: 0

Huntr
added 2021/03/26 11:46 a.m. | 5 views

Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "filtererclient" Parameter 🕵️‍♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable...

AI score 1.7
Exploits: 0

Huntr
added 2021/03/26 11:41 a.m. | 13 views

Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "filtereritem" Parameter 🕵️‍♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable...

AI score 1.8
Exploits: 0

OSV
added 2021/03/26 9:15 a.m. | 19 views

CVE-2021-20683

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...

CVSS 5.4 | AI score 6.5
Exploits: 0 | References: 2

OSV
added 2021/03/26 9:15 a.m. | 17 views

CVE-2021-20681

Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...

CVSS 5.4 | AI score 6.5
Exploits: 0 | References: 2

NVD
added 2021/03/26 9:15 a.m. | 12 views

CVE-2021-20683

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...

CVSS 5.4 | EPSS 0.00731
Exploits: 0 | References: 2

Prion
added 2021/03/26 9:15 a.m. | 14 views

Input validation

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...

CVSS 3.5 | AI score 5.4 | EPSS 0.00731
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/03/26 8:50 a.m. | 52 views

CVE-2021-20681

CVE-2021-20681 affects baserCMS prior to 4.4.5. The issue is improper neutralization of JavaScript input in the page editing feature, allowing remote authenticated attackers to inject arbitrary scripts via unspecified vectors. Impact is described as potential script execution in the user’s browse...

CVSS 5.4 | AI score 5.4 | EPSS 0.00731
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2021/03/26 12:0 a.m. | 6 views

SEO Panel Cross-Site Scripting Vulnerability (CNVD-2021-23382)

SEO Panel is a free, open source SEO optimization software. A cross-site scripting vulnerability exists in SEO Panel version 4.8.0. The vulnerability can be exploited to inject JavaScript via the type parameter in archive.php...

CVSS 4.8 | AI score 5.9 | EPSS 0.00828
Exploits: 1 | References: 1

CNVD
added 2021/03/26 12:0 a.m. | 11 views

Plone cross-site scripting vulnerability (CNVD-2021-22849)

Plone is an open source content management system (CMS) built on the Zope application server. A cross-site scripting vulnerability exists in Plone version 5.2.3, which stems from the form.widgets.sitetitle parameter not effectively filtering user input, and can be exploited by an attacker to inject...

CVSS 5.4 | AI score 5.9 | EPSS 0.00762
Exploits: 1 | References: 1

CNVD
added 2021/03/26 12:0 a.m. | 8 views

SEO Panel Cross-Site Scripting Vulnerability (CNVD-2021-23384)

SEO Panel is a free, open source SEO optimization software. A cross-site scripting vulnerability exists in SEO Panel version 4.8.0. An attacker can exploit this vulnerability to inject JavaScript via the reporttype parameter in archive.php...

CVSS 4.8 | AI score 5.9 | EPSS 0.00755
Exploits: 1 | References: 1