OpenEMR Cross-Site Scripting Vulnerability (CNVD-2017-35442)
OpenEMR is an open source medical management system maintained by the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A cross-site scripting vulnerability exists in OpenEMR 5.0.0 and prior...
filp whoops cross-site scripting vulnerability
whoops is an open source PHP stack error handling system. A cross-site scripting vulnerability exists in the 'dump' function of the Util/TemplateHelper.php file in versions of filp whoops prior to 2.1.13. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
DEBIAN-CVE-2017-8812
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject greater than characters via the id attribute of a headline...
Dream Multimedia Dreambox Device BouquetEditor WebPlugin Cross-Site Scripting Vulnerability
Dream Multimedia Dreambox is a Linux-based digital TV set-top box produced by Dream Multimedia, Germany. BouquetEditor WebPlugin is one of its plug-ins, providing channel naming, sorting and other functions. A cross-site scripting vulnerability exists in the BouquetEditor WebPlugin in Dream...
Cross site scripting
Stored cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage Grandstream HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148)...
Catalyst Mahara Stored Cross-Site Scripting Vulnerability
Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A stored cross-site scripting vulnerability exists in Catalyst Mahara versions 1.9 before 1.9.6, 1.10 before 1.10.4, and 15.04 before 15.04.1. A remot...
HPE ArcSight ESM and HPE ArcSight ESM Express Cross-Site Scripting Vulnerability
HPE ArcSight ESM (Enterprise Security Manager) and ESM Express are both enterprise security management software with event correlation and security analysis capabilities from Hewlett Packard Enterprise (HPE). The software collects, correlates and reports on enterprise-wide security events in real tim...
Pallets Flask Pallets Werkzeug Cross Site Scripting Vulnerability
Pallets Flask is a Python-based web application development tool from the Pallets project. Pallets Werkzeug is one of the WSGI toolkits. A cross-site scripting vulnerability exists in the 'renderfull' function of the debug/tbtools.py file of the debugger for Pallets Flask and other products used i...
IBM BigFix Platform Cross-Site Scripting Vulnerability
IBM BigFix Platform is a dynamic set of IBM's integrated messaging content-driven and management system for multi-technology platforms. The Web Report component is one of its Web reporting components. A cross-site scripting vulnerability exists in the Web Report component in IBM BigFix Platform version...
DEBIAN-CVE-2012-4378
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php...
Cross site scripting
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878...
CVE-2017-15881
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878...
PHP Melody Cross-Site Scripting Vulnerability
PHP Melody is a self-hosted video CMS. A cross-site scripting vulnerability exists in PHP Melody versions prior to 2.7.3, which can be exploited by remote attackers to inject arbitrary web script or HTML...
OpenKM Cross-Site Scripting Vulnerability (CNVD-2017-30870)
OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, document history and file sharing. A cross-site scripting vulnerability exists in versions of OpenKM prior to 6.4.19. A remote attacker can exploit this vulnerability to inject arbitrar...
Shaarli Cross-Site Scripting Vulnerability
Shaarli is a set of website cloning tools from the French Sebsauvage project. A cross-site scripting vulnerability exists in version 0.9.1 of Shaarli. A remote attacker can inject JavaScript code by sending the 'searchtags' parameter to the index.php file...
CVE-2017-7352
Stored cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System Configuration SNMP Add SNMP Trap Manager' screen...
dotCMS Stored Cross-Site Scripting Vulnerability
dotCMS is a content management system (CMS) from the United States dotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. A cross-site scripting vulnerability exists in the vanity-urls Title field in dotCMS version 4.1.1, which originat...
Piwigo cross-site scripting vulnerability (CNVD-2017-30482)
Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options categories, tags, time and more. A cross-site scripting vulnerability exists in versions prior to Piwigo 2.8.3. A remote attacker can exploit this...
WordPress Support Ticket System SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. The Support Ticket System plugin is one of its ticket system plugins. A SQL injection vulnerability exists in WordPress...
OpenText Document Sciences xPression Cross-Site Scripting Vulnerability
OpenText Document Sciences xPression (formerly known as EMC Document Sciences xPression) is a document output management and customer communication solution from OpenText Canada. The solution integrates with an organization's Customer Relationship Management (CRM), Enterprise Content Management (ECM) a...