CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2296 matches found

OSV•added 2017/07/25 6:29 p.m.•2 views

CVE-2017-11458

Cross-site scripting XSS vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783...

6.1CVSS5.9AI score0.0097EPSS

Exploits0References2

Prion•added 2017/07/19 12:29 p.m.•11 views

Cross site scripting

Cross-site scripting XSS vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action...

4.3CVSS6.1AI score0.00802EPSS

Exploits1References1Affected Software1

OSV•added 2017/07/17 1:18 p.m.•3 views

UBUNTU-CVE-2017-1000032

Cross-Site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parentid parameter to tree.php and drpaction parameter to datasources.php...

6.1CVSS6.9AI score0.00887EPSS

Exploits0References3

CNVD•added 2017/07/12 12:0 a.m.•2 views

RISE Ultimate Project Manager 'Messaging' Cross-Site Scripting Vulnerability

Rise Ultimate Project Manager is a web-based project management system with a messaging section. A cross-site scripting vulnerability exists in the Subject and Message fields of the Messaging section in Rise Ultimate Project Manager version 1.8. A remote attacker can exploit this vulnerability to...

5.4CVSS5.3AI score0.00658EPSS

Exploits0References1

NVD•added 2017/07/06 11:29 a.m.•15 views

CVE-2017-10970

Cross-site scripting XSS vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the diehtmlinputerror function in lib/htmlvalidate.php...

5.4CVSS5.3AI score0.00637EPSS

Exploits0References2

CNVD•added 2017/07/05 12:0 a.m.•2 views

IBM Rational Team Concert Cross-Site Scripting Vulnerability (CNVD-2017-15920)

IBM Rational Team Concert RTC is the U.S. IBM's set of Jazz-based platform and support for decentralized teams for real-time collaboration related to software lifecycle management solutions. A cross-site scripting vulnerability exists in IBM RTC. A remote attacker can exploit this vulnerability t...

5.4CVSS6.5AI score0.00741EPSS

Exploits0References1

CNVD•added 2017/06/29 12:0 a.m.•2 views

Netikus EventSentry Cross-Site Scripting Vulnerability

Netikus EventSentry is an event log monitoring manager from NETIKUS.NET that provides real-time log analysis, memory event correlation and threat attack response. A cross-site scripting vulnerability exists in versions of Netikus EventSentry prior to 3.2.1.44. A remote attacker can exploit this...

6.1CVSS6AI score0.00632EPSS

Exploits0References1

CNVD•added 2017/06/23 12:0 a.m.•2 views

Mathias Kettner Check_MK Cross-Site Scripting Vulnerability

Mathias Kettner CheckMK is an open-source, general-purpose Nagios/Icinga monitoring system data collection plug-in from Mathias Kettner, Germany, which collects data from operating system and network components by employing a new methodology and supports the automated detection of monitoring item...

6.1CVSS6.2AI score0.01559EPSS

Exploits1References1

CNVD•added 2017/06/21 12:0 a.m.•1 views

SAP Successfactors Cross-Site Scripting Vulnerability

SAP SuccessFactors is a cloud-based human resource management solution from SAP, Germany. The solution includes social and collaboration tools, a learning management system, performance management and people management. A cross-site scripting vulnerability exists in versions prior to SAP...

5.4CVSS6AI score0.00993EPSS

Exploits0References1

CNVD•added 2017/06/20 12:0 a.m.•2 views

CMS Made Simple adminaddgroup.php file cross-site scripting vulnerability

CMS Made Simple is a free web-based content publishing system. A cross-site scripting vulnerability exists in the CMS Made Simple adminaddgroup.php file, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain access to sensiti...

6.1CVSS6.2AI score0.00602EPSS

Exploits0References1

CNVD•added 2017/06/19 12:0 a.m.•1 views

Telaxus EPESI Cross-Site Scripting Vulnerability (CNVD-2017-11060)

Telaxus EPESI is a Polish company Telaxus open source customer relationship management system based on PHP/Ajax framework CRM. The system provides schedule management , multi-user address book , proxy matters and other functions . A cross-site scripting vulnerability exists in Telaxus EPESI 1.8.2...

6.1CVSS6.1AI score0.01014EPSS

Exploits1References1

CNVD•added 2017/06/19 12:0 a.m.•1 views

Telaxus EPESI cross-site scripting vulnerability (CNVD-2017-11061)

6.1CVSS6.1AI score0.01014EPSS

Exploits1References1

ATTACKERKB•added 2017/06/14 9:29 p.m.•2 views

CVE-2017-9623

Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data...

6.1CVSS5.4AI score0.01014EPSS

Exploits1References3

ATTACKERKB•added 2017/06/14 9:29 p.m.•2 views

CVE-2017-9622

Multiple cross-site scripting XSS vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data...

6.1CVSS5.4AI score0.01028EPSS

Exploits0References3

ATTACKERKB•added 2017/06/14 9:29 p.m.•2 views

CVE-2017-9621

Cross-site scripting XSS vulnerability in modules/Base/Lang/Administrator/updatetranslation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 original or 2 new parameter...

6.1CVSS5.7AI score0.01037EPSS

Exploits0References3

CNVD•added 2017/06/13 12:0 a.m.•3 views

Cybozu KUNAI for Android Cross-Site Scripting Vulnerability

Cybozu KUNAI for Android is an Android-based application from Cybozu, Inc. that allows you to quickly use Cybozu's licensed software. A cross-site scripting vulnerability exists in Cybozu KUNAI versions 3.0.0 through 3.0.6 for Android. A remote attacker can exploit the vulnerability to inject...

6.1CVSS6.2AI score0.00762EPSS

Exploits0References1

CNVD•added 2017/06/08 12:0 a.m.•3 views

PivotX 'smarty_self' function cross-site scripting vulnerability

PivotX is an open source blog content management system Blog CMS. The system supports built-in comment review, spam protection and template replacement. PivotX 2.3.11 version of the modules/modulesmarty.php file of the 'smartyself' function of the cross-site scripting vulnerability , the...

6.1CVSS6.2AI score0.00632EPSS

Exploits0References1

Prion•added 2017/06/06 4:29 p.m.•14 views

Cross site scripting

Cross site scripting XSS vulnerability in pages.editform.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATHINFO in an acp.php URL, due to use of unsanitized $SERVER'PHPSELF' to generate URLs...

4.3CVSS6.3AI score0.00744EPSS

Exploits0References2Affected Software1

Prion•added 2017/05/22 4:29 p.m.•86 views

Cross site scripting

Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior ...

4.3CVSS6.1AI score0.00886EPSS

Exploits0References2Affected Software51

CNVD•added 2017/05/16 12:0 a.m.•2 views

IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2017-09955)

IBM Rational Quality Manager RQM is a collaborative, Web-based quality management solution from IBM. The program provides test planning and test evaluation management methods within the entire software development lifecycle, and the ability to share information, automation to accelerate the proje...

5.4CVSS6.4AI score0.00511EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by