CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2295 matches found

RedHat Linux•added 2013/01/08 4:30 a.m.•1 views

httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled

Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...

2.6CVSS7.1AI score0.22515EPSS

Exploits2References4

OwnCloud•added 2012/12/20 5:4 p.m.•37 views

XSS vulnerability in bookmarks - ownCloud

A cross-site scripting XSS vulnerability in ownCloud before 4.5.5 and 4.0.10 allow remote attackers to inject arbitrary web script or HTML via the PATH data to index.php in apps/bookmark/ Affected Software ownCloud Server 4.5.5 CVE-2013-5666 ownCloud Server 4.0.10 CVE-2013-5666 Action Taken It is...

4.7CVSS5.3AI score0.00306EPSS

Exploits0Affected Software1

RedHat Linux•added 2012/12/04 7:24 p.m.•4 views

rubygem-actionpack: XSS Vulnerability in strip_tags

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/sanitizehelper.rb in the striptags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup...

4.3CVSS7.3AI score0.01977EPSS

Exploits1References4

OSV•added 2012/11/16 12:24 p.m.•2 views

UBUNTU-CVE-2012-5883

Cross-site scripting XSS vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors...

4.3CVSS7.4AI score0.02105EPSS

Exploits0References7

NVD•added 2012/10/09 9:55 p.m.•16 views

CVE-2012-2552

Cross-site scripting XSS vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected...

4.3CVSS5.6AI score0.16295EPSS

Exploits0References4

ATTACKERKB•added 2012/10/01 8:55 p.m.•3 views

CVE-2012-5226

Multiple cross-site scripting XSS vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the 1 motclef parameter to achat/recherche.php or 2 PATHINFO to index.php...

4.3CVSS5.4AI score0.01613EPSS

Exploits1References4

ATTACKERKB•added 2012/10/01 8:55 p.m.•0 views

CVE-2012-5232

Cross-site scripting XSS vulnerability in the Quickl Form component for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.7AI score0.01148EPSS

Exploits0References4

NVD•added 2012/10/01 12:55 a.m.•27 views

CVE-2011-4551

Cross-site scripting XSS vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters...

4.3CVSS5.7AI score0.01642EPSS

Exploits1References4

Cvelist•added 2012/09/23 5:0 p.m.•23 views

CVE-2012-5103

Multiple cross-site scripting XSS vulnerabilities in action/add-submit.php in Ggb Guestbook 0.3.1 allow remote attackers to inject arbitrary web script or HTML via the 1 url or 2 message parameter...

5.8AI score0.01379EPSS

Exploits1References7

Prion•added 2012/09/17 2:55 p.m.•10 views

Cross site scripting

Cross-site scripting XSS vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message...

4.3CVSS6.1AI score0.01319EPSS

Exploits1References1Affected Software1

NVD•added 2012/09/15 5:55 p.m.•18 views

CVE-2011-5176

Multiple cross-site scripting XSS vulnerabilities in search.php in Banana Dance, possibly B.1.5 and earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 q or 2 category parameter...

4.3CVSS5.9AI score0.00931EPSS

Exploits0References2

Cvelist•added 2012/09/15 5:0 p.m.•21 views

CVE-2011-5176

5.9AI score0.00931EPSS

Exploits0References2

Packet Storm•added 2012/09/11 12:0 a.m.•28 views

Subrion CMS 2.2.1 Cross Site Scripting

Subrion CMS 2.2.1 Multiple Remote XSS POST Injection Vulnerabilities Vendor: Intelliants LLC Product web page: http://www.subrion.com Affected version: 2.2.1 Summary: Subrion is a free open source content management system. It's written in PHP 5 and utilizes MySQL database. Subrion CMS can be...

7.4AI score

Exploits0

ATTACKERKB•added 2012/09/09 9:55 p.m.•4 views

CVE-2011-5160

Cross-site scripting XSS vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter...

4.3CVSS5.6AI score0.01334EPSS

Exploits1References3

NVD•added 2012/09/05 11:55 p.m.•17 views

CVE-2012-4396

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 file names to apps/userldap/settings.php; 2 url or 3 title parameter to apps/bookmarks/ajax/editBookmark.php; 4 tag or 5 page parameter to...

4.3CVSS5.7AI score0.02485EPSS

Exploits1References11

Prion•added 2012/09/04 8:55 p.m.•16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.6AI score0.01613EPSS

Exploits0References7Affected Software1

Prion•added 2012/08/27 9:55 p.m.•17 views

Cross site scripting

Cross-site scripting XSS vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the fusername parameter...

4.3CVSS6.1AI score0.02354EPSS

Exploits1References6Affected Software1

Cvelist•added 2012/08/25 10:0 a.m.•19 views

CVE-2012-4667

Multiple cross-site scripting XSS vulnerabilities in SquidClamav 5.x before 5.8 allow remote attackers to inject arbitrary web script or HTML via the 1 url, 2 virus, 3 source, or 4 user parameter to a clwarn.cgi, b clwarn.cgi.deDE, c clwarn.cgi.enEN, d clwarn.cgi.frFR, e clwarn.cgi.ptBR, or f...

5.6AI score0.01822EPSS

Exploits0References5

NVD•added 2012/08/20 8:55 p.m.•17 views

CVE-2012-4052

Multiple cross-site scripting XSS vulnerabilities in Jease before 2.9, when creating a comment, allow remote attackers to inject arbitrary web script or HTML via the 1 author, 2 subject, or 3 comment parameter...

4.3CVSS5.7AI score0.01148EPSS

Exploits0References3

Prion•added 2012/08/17 10:31 a.m.•22 views

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat...

4.3CVSS6AI score0.01792EPSS

Exploits0References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by