CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2295 matches found

OSV•added 2017/02/04 6:59 p.m.•2 views

CVE-2017-5882

Cross-site scripting XSS vulnerability in index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter...

6.1CVSS5.9AI score0.00777EPSS

Exploits1References2

OSV•added 2017/01/27 12:0 a.m.•3 views

UBUNTU-CVE-2017-5008

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML pag...

6.1CVSS7AI score0.01221EPSS

Exploits1References4

CNVD•added 2017/01/19 12:0 a.m.•2 views

Zimbra Collaboration suffers from multiple cross-site scripting vulnerabilities (CNVD-2017-00759)

Zimbra can provide open source email server software and shared calendars. Multiple cross-site scripting vulnerabilities exist in Zimbra Collaboration versions prior to 8.7.0. Allows remote attackers to inject arbitrary web script or HTML via unspecified vectors also known as errors...

6.1CVSS6.1AI score0.01449EPSS

Exploits0References1

OSV•added 2017/01/18 10:59 p.m.•1 views

CVE-2016-3411

Cross-site scripting XSS vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609...

6.1CVSS5.9AI score

Exploits0References4

OSV•added 2017/01/18 10:59 p.m.•1 views

CVE-2016-3407

Multiple cross-site scripting XSS vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175...

6.1CVSS5.9AI score0.01449EPSS

Exploits0References3

OSV•added 2017/01/18 5:59 p.m.•2 views

DEBIAN-CVE-2016-7981

Cross-site scripting XSS vulnerability in validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action...

6.1CVSS6AI score0.08216EPSS

Exploits2References1

CNVD•added 2017/01/16 12:0 a.m.•3 views

Multiple Cross-Site Scripting Vulnerabilities in b2evolution

b2evolution is a PHP and MySQL based blogging software developed by software developer FrancoisPlanque. A cross-site scripting vulnerability exists in the file type table of b2evolution versions prior to 6.8.3. The vulnerability can be exploited by remote attackers to inject arbitrary web script ...

5.4CVSS5.3AI score0.01165EPSS

Exploits0References1

OSV•added 2017/01/15 2:59 a.m.•2 views

UBUNTU-CVE-2017-5488

Multiple cross-site scripting XSS vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 version header of a plugin...

6.1CVSS7AI score0.01755EPSS

Exploits0References9

OSV•added 2017/01/15 2:59 a.m.•2 views

UBUNTU-CVE-2017-5490

Cross-site scripting XSS vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to...

6.1CVSS7AI score0.02436EPSS

Exploits0References9

Prion•added 2017/01/04 2:59 a.m.•12 views

Cross site scripting

Cross-site scripting XSS vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format...

3.5CVSS5.9AI score0.00897EPSS

Exploits0References2Affected Software1

NVD•added 2016/12/18 3:59 a.m.•15 views

CVE-2016-5181

Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via crafted HTML pages...

6.1CVSS6AI score0.0197EPSS

Exploits0References6

NVD•added 2016/12/13 10:59 p.m.•20 views

CVE-2016-5060

Multiple cross-site scripting XSS vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the 1 description, 2 email, or 3 username parameter to user/save...

6.1CVSS6.1AI score0.01855EPSS

Exploits1References4

Prion•added 2016/11/25 8:59 p.m.•16 views

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0...

3.5CVSS5.4AI score0.01175EPSS

Exploits0References6Affected Software7

OSV•added 2016/11/25 3:59 a.m.•2 views

CVE-2016-5981

Cross-site scripting XSS vulnerability in IBM FileNet Workplace XT through 1.1.5.2-WPXT-LA011 and FileNet Workplace Application Engine through 4.0.2.14-P8AE-IF001, when RegExpSecurityFilter and ScriptSecurityFilter are misconfigured, allows remote attackers to inject arbitrary web script or HTML...

5.4CVSS5.9AI score0.00615EPSS

Exploits0References2

Prion•added 2016/11/24 7:59 p.m.•17 views

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0...

3.5CVSS5.4AI score0.00615EPSS

Exploits0References2Affected Software7

OSV•added 2016/11/14 12:0 a.m.•1 views

UBUNTU-CVE-2016-9119

Cross-site scripting XSS vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS5.9AI score0.01452EPSS

Exploits0References3

CNVD•added 2016/11/08 12:0 a.m.•2 views

Stored Cross-site Scripting Vulnerability in the Latest Version of Tongda OA Office System

Tongda OA office system 2015 office anywhere 2015 is a domestic office software. A stored cross-site scripting vulnerability exists in the editor of Offer Anywhere 2015, a Tongda OA network intelligent office system. A remote attacker can exploit this vulnerability to inject arbitrary Web script ...

6.2AI score

Exploits0

OSV•added 2016/11/04 10:59 a.m.•0 views

UBUNTU-CVE-2016-9188

Cross-site scripting XSS vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the sadditionalhtmlhead, sadditionalhtmltopofbody, and sadditionalhtmlfooter parameters...

6.1CVSS5.9AI score0.01543EPSS

Exploits1References4

ATTACKERKB•added 2016/10/22 3:59 a.m.•2 views

CVE-2016-0246

Cross-site scripting XSS vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

6.1CVSS6.3AI score0.00765EPSS

Exploits0References3

NVD•added 2016/09/26 4:59 p.m.•15 views

CVE-2016-6142

SAP HANA DB 1.00.73.00.389160 NewDB100REL allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459...

7.5CVSS7.6AI score0.02891EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by