CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2023/03/22 12:0 a.m.•8 views

CVE-2023-22253 AEM Reflected XSS Arbitrary code execution

5.4CVSS5.8AI score0.0048EPSS

Cvelist•added 2023/03/22 12:0 a.m.•16 views

CVE-2023-21615 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)

5.4CVSS5.2AI score0.0048EPSS

Veracode•added 2023/03/20 11:46 p.m.•11 views

Cross-site Scripting (XSS)

miniflux.app is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the mediaProxy function of proxy.go due to the unescaped ServerError in proxy handler when opening a broken image, allowing an attacker to inject and execute malicious javascript...

5.4CVSS6.5AI score0.00586EPSS

Exploits0References9Affected Software2

CNNVD•added 2023/03/14 12:0 a.m.•3 views

SAP Content Server 跨站脚本漏洞

SAP Content Server is a standalone component that can store any format and content. A cross-site scripting vulnerability exists in SAP Content Server version 7.53, which can be exploited by attackers to inject malicious JavaScript scripts...

6.1CVSS6AI score0.00418EPSS

Exploits0References3

Prion•added 2023/03/10 4:15 p.m.•15 views

Cross site scripting

The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could enforce a user into inserting malicious JavaScript code into the URI, that could lead to a Reflected Cross site Scripting...

5.8CVSS6.1AI score0.00353EPSS

Exploits0References1Affected Software1

Veracode•added 2023/03/10 3:54 a.m.•14 views

Cross-site Scripting (XSS)

modoboa is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the maketag function in the Listing.prototype object of listing.js as it does not properly encode the html attribute, allowing an attacker to inject and execute malicious JavaScript into the browser...

4.8CVSS5.3AI score0.00494EPSS

Exploits1References5Affected Software1

Veracode•added 2023/03/03 12:7 p.m.•21 views

Cross-site Scripting (XSS)

org.keycloak:keycloak-services is vulnerable to Cross-site Scripting XSS. The library does not properly escape HTML entities during user impersonation, allowing an attacker to inject and execute malicious javascript on victim's browser...

6.4CVSS6.6AI score0.0066EPSS

Exploits0References9Affected Software2

Veracode•added 2023/03/03 3:42 a.m.•33 views

Cross-site Scripting (XSS)

github.com/grafana/grafana is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to React's render cycle in the "Text" plugin which passes through the unsanitized HTML code, allowing an attacker with an editor role to inject and execute malicious JavaScript, and take over the...

6.4CVSS5.4AI score0.1546EPSS

Exploits0References7Affected Software1

NVD•added 2023/02/28 5:15 p.m.•24 views

CVE-2023-27293

Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cooki...

6.1CVSS6.2AI score0.00596EPSS

OSV•added 2023/02/28 5:15 p.m.•16 views

CVE-2023-27294

Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could...

5.4CVSS6.8AI score

Prion•added 2023/02/28 5:15 p.m.•14 views

Input validation

5.8CVSS6.2AI score0.00596EPSS

Prion•added 2023/02/28 5:15 p.m.•15 views

Input validation

4.9CVSS5.3AI score0.0053EPSS

CVE•added 2023/02/28 12:0 a.m.•40 views

CVE-2023-27293

OpenCats (v0.9.6) is affected by CVE-2023-27293 due to improper input neutralization during web page generation, enabling an unauthenticated attacker to inject malicious JavaScript in questionnaire answers that executes when an authenticated user reviews submissions. This can steal cookies and co...

6.1CVSS6.2AI score0.00596EPSS

Vulnrichment•added 2023/02/28 12:0 a.m.•4 views

CVE-2023-27293

6.4AI score0.00596EPSS

Cvelist•added 2023/02/28 12:0 a.m.•27 views

CVE-2023-27293

6.4AI score0.00596EPSS

CVE•added 2023/02/28 12:0 a.m.•52 views

CVE-2023-27294

CVE-2023-27294 describes improper neutralization of input during web page generation, allowing an authenticated attacker with access to a restricted account to submit malicious JavaScript as a calendar event description. When other users view that event, the injected script executes in their brow...

5.4CVSS5.3AI score0.0053EPSS

Cvelist•added 2023/02/28 12:0 a.m.•22 views

CVE-2023-27294

5.6AI score0.0053EPSS

OSSF Malicious Packages•added 2023/02/27 3:36 p.m.•7 views

Malicious code in tpstrpeplgtb (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx fd90f892727d0f1648c10f09ca93b40cfbcf0a6c5bf9cfc4473a497b3a509e07 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

7AI score