2295 matches found
CVE-2014-2291
Cross-site scripting (XSS) vulnerability in the Pulse Collaboration Secure Meeting user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web scrip...
CVE-2014-2024
Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to shared-apartments-rooms/...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message...
CVE-2014-2104
Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and...
CVE-2014-0853
Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Barracuda #31 FW - Persistent Access Policy Vulnerability
Document Title: Barracuda 31 FW - Persistent Access Policy Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1070. Barracuda Networks Security ID (BNSEC): BNSEC-2068. Release Date: 2014-02-24. Vulnerability Laboratory...
CVE-2014-1869
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters)...
CVE-2013-0177
Apache OFBiz (Open For Business) is affected by multiple XSS vulnerabilities in widget/screen/ModelScreenWidget.java, affecting OFBiz 10.04.x before 10.04.05 and 11.04.01 (possibly 09.04.x). The issue allows remote authenticated users to inject arbitrary script/HTML through the Screenlet.title or...
CVE-2014-1407
Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname...
UBUNTU-CVE-2013-6459
Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links...
PT-2014-92: Cross-Site Scripting in ShopOS
The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in ShopOS. Reflected cross-site scripting in the func.php page allows remote attackers to inject arbitrary HTML tags including JavaScript scripts, etc. to a page processed by user's browser. How to...
cumin: non-persistent XSS possible due to not escaping set limit form input
Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the "Max allowance" field in the "Set limit" form...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1)...
CVE-2013-6415
CVE-2013-6415 is an XSS vulnerability in Ruby on Rails Action Pack, specifically in the number_to_currency helper (action_view number_helper.rb). It allows a remote attacker to inject arbitrary script/HTML via the unit parameter. Affected are Rails versions prior to 3.2.16 and 4.x prior to 4.0.2....
DEBIAN-CVE-2013-4453
Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary refXXX parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...