CVE-2018-0582
Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version prior to 3.0.0.4.380.1031 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
phpIPAM cross-site scripting vulnerability (CNVD-2018-09472)
phpIPAM is an open source IP address management (IPAM) application based on PHP and MySQL. A cross-site scripting vulnerability exists in the app/sections/user-menu.php file in versions prior to phpIPAM 1.3.1. A remote attacker can exploit this vulnerability to inject arbitrary code or denial of...
Code injection
Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversionjava2native.sh, (5) coreCompression.sh, (6)...
Atlassian Application Links Cross-Site Scripting Vulnerability
Atlassian Application Links is a plug-in from Atlassian Australia that is used in Atlassian products to create buttons that connect to other applications. A cross-site scripting vulnerability exists in several managed application link resources in Atlassian Application Links versions prior to...
XSS in various types of nested wiki markup - CVE-2017-18102
The bundled version of atlassian-renderer in Atlassian JIRA before version 7.7.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in nested wiki markup. For more information see https://jira.atlassian.com/browse/RNDR-153 currently...
iScripts EasyCreate cross-site scripting vulnerability (CNVD-2018-08315)
iScripts EasyCreate is an online website builder from iScripts, Inc. The tool runs on the server to provide website building services to clients and is fully customizable. A cross-site scripting vulnerability exists in the Site title field in iScripts EasyCreate version...
Cisco IOS XE Cross-Site Scripting Vulnerability
Cisco IOS XE Software is an operating system developed by Cisco for its network devices. A cross-site scripting vulnerability exists in the Web UI in Cisco IOS XE Software, which arises from a program's failure to perform sufficient input validation of parameters sent to the affected software via...
CVE-2018-6882
Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter...
CVE-2018-8732
CVE-2018-8732 describes a cross-site scripting (XSS) vulnerability in WampServer 3.1.1 that can be triggered via the virtual_del parameter, allowing remote injection of script/HTML. Multiple connected sources (Exploit-DB, exploit packs, and CVE records) confirm the vulnerability and a CSRF-exploi...
CVE-2018-7707
Affected software: SecurEnvoy SecurMail prior to 9.2.501. Vulnerability: Cross-site scripting (XSS) via an HTML-formatted e-mail message. Root cause / vector: not explicitly detailed beyond the XSS in HTML-format emails; multiple sources attribute vulnerability to improper handling of HTML ema...
PHP Scripts Mall Hot Scripts Clone:Script Classified Cross-Site Scripting Vulnerability
PHP Scripts Mall Hot Scripts Clone:Script Classified is a set of PHP based classifieds posting scripts by PHP Scripts Mall India. A cross-site scripting vulnerability exists in the Add New feature of PHP Scripts Mall Hot Scripts Clone:Script Classified version 3.1, which stems from the program's...
CVE-2018-7277
An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP...
openSUSE Security Update : python-mistune (openSUSE-2018-148)
This update for python-mistune to version 0.8.3 fixes several issues. These security issues were fixed: - CVE-2017-16876: Cross-site scripting (XSS) vulnerability in the keyify function in mistune.py allowed remote attackers to inject arbitrary web script or HTML by leveraging failure to escape th...
CVE-2017-5124
CVE-2017-5124 is a cross-site scripting (UXSS) vulnerability in the MHTML handling of Chromium/Blink, allowing a remote attacker to inject scripts/HTML via a crafted MHTML page in Google Chrome prior to 62.0.3202.62. Affected software: Google Chrome/Chromium (Blink). Impact: arbitrary script exec...
Code injection
webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOKAUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events...
CVE-2017-18086
Various resources in Atlassian Confluence Server before version 6.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuesURL parameter...
Shopware 5.2.5/5.3 - Cross-Site Scripting
Document Title: Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1922 Shopware Security Tracking ID: SW-19834 Security Update:...
Cross site scripting
Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter...
SAP Netweaver Remote Code Injection Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A remote code injection vulnerability exists in SAP NetWeaver. An attacker could use this vulnerability to execu...