CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2300 matches found

CNVD•added 2017/10/09 12:0 a.m.•3 views

OpenText Document Sciences xPression Cross-Site Scripting Vulnerability (CNVD-2017-33297)

OpenText Document Sciences xPression formerly known as EMC Document Sciences xPression is a document output management and customer communication solution from OpenText Canada. The solution integrates with an organization's Customer Relationship Management CRM, Enterprise Content Management ECM a...

6.1CVSS6.2AI score0.00661EPSS

Exploits3References1

CNVD•added 2017/10/09 12:0 a.m.•3 views

Frappe frappe.share.get_users SQL Injection Vulnerability

Frappe is a WEB application. Frappe frappe.share.getusers suffers from a SQL injection vulnerability that allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...

8.8CVSS9.1AI score0.0112EPSS

Exploits0References1

CNVD•added 2017/09/27 12:0 a.m.•3 views

GeniXCMS gxadmin/index.php file cross-site scripting vulnerability

MetalGenix GeniXCMS is a PHP-based content management system and framework CMSF from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A cross-site scripting vulnerability exists in the gxadmin/index.php file in MetalGenix GeniXCMS version...

6.1CVSS5.8AI score0.00683EPSS

Exploits1References1

CNVD•added 2017/09/26 12:0 a.m.•3 views

OWASP AntiSamy Cross-Site Scripting Vulnerability

OWASP AntiSamy is a library for HTML and CSS coding from the OWASP Foundation in the United States. A security vulnerability exists in OWASP AntiSamy 1.5.7 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of HTML5 entities...

6.1CVSS6.6AI score0.01664EPSS

Exploits0References1

CNVD•added 2017/09/25 12:0 a.m.•1 views

Telaxus EPESI cross-site scripting vulnerability (CNVD-2017-32708)

Telaxus EPESI is a Polish company Telaxus open source customer relationship management system based on PHP/Ajax framework CRM. The system provides schedule management , multi-user address book , proxy matters and other functions . A cross-site scripting vulnerability exists in the 'Phonecalls...

5.4CVSS5.3AI score0.00631EPSS

Exploits2References1

CNVD•added 2017/09/25 12:0 a.m.•5 views

WordPress link modal cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the link modal in WordPress versions prior to 4.8.2. A remote...

6.1CVSS6.8AI score0.02136EPSS

Exploits0References1

PyPA•added 2017/09/21 2:29 p.m.•5 views

PYSEC-2017-45

Cross-site scripting XSS vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path...

6.1CVSS6AI score0.01626EPSS

Exploits0References7Affected Software1

CNVD•added 2017/09/19 12:0 a.m.•3 views

NexusPHP Cross-Site Scripting Vulnerability (CNVD-2017-27604)

NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP version 1.5.beta5.20120707. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6.1AI score0.00669EPSS

Exploits1References1

CNVD•added 2017/09/15 12:0 a.m.•1 views

WordPress eventr 'event' parameter SQL injection vulnerability

WordPress is the WordPress Software Foundation a set of blogging platform developed using the PHP language, the platform supports in PHP and MySQL server set up a personal blog site.WordPress eventr is an Indian software developer Binny VA for WordPress developed a blog event management plugin. A...

9.8CVSS9.7AI score0.02475EPSS

Exploits1References1

CNVD•added 2017/09/15 12:0 a.m.•2 views

Bobcares WordPress gift-certificate-creator Cross-Site Scripting Vulnerability

Bobcares WordPress gift-certificate-creator is a website gift certificate creation plugin for WordPress by Bobcares India. A cross-site scripting vulnerability exists in Bobcares WordPress gift-certificate-creator version 1.0, which stems from the program failing to filter user input. A remote...

6.1CVSS6.1AI score0.00711EPSS

Exploits1References1

OSV•added 2017/09/07 1:29 p.m.•3 views

CVE-2017-13754

Cross-site scripting XSS vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html...

5.4CVSS5.9AI score0.03877EPSS

Exploits7References7

OSV•added 2017/08/31 8:29 p.m.•1 views

UBUNTU-CVE-2016-10510

Cross-site scripting XSS vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the stripimagetags protection mechanism in system/classes/Kohana/Security.php...

6.1CVSS6.5AI score0.01659EPSS

Exploits1References2

CNVD•added 2017/08/30 12:0 a.m.•3 views

Red Hat Satellite Cross-Site Scripting Vulnerability

Red Hat Satellite is a suite of system management platforms from Red Hat, Inc. that can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A cross-site scripting vulnerability exists in Red Hat Satellite version...

6.1CVSS6AI score0.00643EPSS

Exploits0References1

CNVD•added 2017/08/30 12:0 a.m.•1 views

Apache Atlas Cross-Site Scripting Vulnerability (CNVD-2017-27444)

Apache Atlas is a set of scalable and extensible core functional governance services from the Apache USA Software Foundation. A cross-site scripting vulnerability exists in the search function in Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating. A remote attacker can exploit this...

6.1CVSS6.1AI score0.01955EPSS

Exploits0References1

Cvelist•added 2017/08/28 7:0 p.m.•16 views

CVE-2013-7430

Cross-site scripting XSS vulnerability in the Googlemaps plugin before 3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the xmlns parameter...

6.3AI score0.00762EPSS

Exploits0References2

CNVD•added 2017/08/21 12:0 a.m.•2 views

Paessler PRTG Network Monitor Cross-Site Scripting Vulnerability

Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler AG, Germany. A cross-site scripting vulnerability exists in versions prior to Paessler PRTG Network Monitor 17.2.32.2279. A remote attacker can exploit this vulnerability to inject arbitrary...

6.1CVSS6AI score0.00757EPSS

Exploits0References1

CNVD•added 2017/08/17 12:0 a.m.•3 views

Joyent Node.js Express web framework cross-site scripting vulnerability

Joyent Node.js is the United States Joyent company's set of web applications built on top of the Google V8 JavaScript engine platform. Express web framework is one of the lightweight Web framework. A cross-site scripting vulnerability exists in Joyent Node.js in the Express web framework versions...

6.1CVSS5.9AI score0.01135EPSS

Exploits0References1

CNVD•added 2017/08/16 12:0 a.m.•2 views

OSNEXUS QuantaStor v4 Virtual Appliance Cross-Site Scripting Vulnerability

OSNEXUS QuantaStor v4 virtual appliance is a virtual storage appliance from OSNEXUS USA. A cross-site scripting vulnerability exists in OSNEXUS QuantaStor v4 virtual appliance versions prior to 4.3.1. A remote attacker can exploit this vulnerability to inject arbitrary HTML or JavaScript code...

6.1CVSS5.6AI score0.02559EPSS

Exploits6References1

CNVD•added 2017/08/07 12:0 a.m.•2 views

Axis 2100 Cross-Site Scripting Vulnerability

AXIS 2100 is a network camera product from Axis Sweden. A cross-site scripting vulnerability exists in AXIS 2100 version 2.43. A remote attacker can exploit this vulnerability by injecting arbitrary JavaScript into the application response with the help of a URI...

6.1CVSS6.1AI score0.01128EPSS

Exploits3References1

OSV•added 2017/08/02 7:29 p.m.•5 views

CVE-2017-9459

Cross-site scripting XSS vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS7.5AI score0.01195EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by