CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2295 matches found

NVD•added 2011/12/27 11:55 a.m.•20 views

CVE-2011-3841

Cross-site scripting XSS vulnerability in uploadify/getprofileavatar.php in the WP Symposium plugin before 11.12.08 for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter...

4.3CVSS5.8AI score0.02368EPSS

Exploits0References5

0day.today•added 2011/12/22 12:0 a.m.•64 views

Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Injection

Exploit for php platform in category web applications ------------------------------------------------------------------------- Tiki Wiki CMS Groupware /tiki-8.2/snarfajax.php?url=1&regexres=phpinfo&regex=//e%00/ Tiki internal filters remove all null bytes from user input, but for some strange...

7.1AI score0.04271EPSS

Exploits7

RedHat Linux•added 2011/12/20 5:16 p.m.•5 views

tomcat: XSS vulnerability in HTML Manager interface

Multiple cross-site scripting XSS vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag...

4.3CVSS6.1AI score0.10228EPSS

Exploits2References4

Prion•added 2011/12/08 11:55 a.m.•16 views

Cross site scripting

Cross-site scripting XSS vulnerability in Etomite before 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.00921EPSS

Exploits0References2Affected Software1

UbuntuCve•added 2011/11/15 3:57 a.m.•28 views

CVE-2011-2771

Multiple cross-site scripting XSS vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 URI attributes and 2 the External Feed component, as demonstrated by the guid element in an RSS feed...

4.3CVSS5.9AI score0.01903EPSS

Exploits1References1

ATTACKERKB•added 2011/11/02 9:55 p.m.•2 views

CVE-2010-5025

Cross-site scripting XSS vulnerability in manage/main.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote attackers to inject arbitrary web script or HTML via the fldpath parameter. NOTE: some of these details are obtained from third party information...

4.3CVSS5.7AI score0.0172EPSS

Exploits1References7

Prion•added 2011/11/01 10:55 p.m.•13 views

Cross site scripting

Cross-site scripting XSS vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter...

4.3CVSS6.1AI score0.0173EPSS

Exploits0References6Affected Software1

ATTACKERKB•added 2011/10/09 10:55 a.m.•1 views

CVE-2010-4951

Cross-site scripting XSS vulnerability in the xaJax Shoutbox vxxajaxshoutbox extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.7AI score0.01042EPSS

Exploits0References6

Prion•added 2011/10/08 2:52 a.m.•23 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the 1 Directory.Item.name or 2 Directory.Item.displayName parameter...

4.3CVSS6AI score0.00943EPSS

Exploits0References2Affected Software1

RedHat Linux•added 2011/09/15 5:43 p.m.•2 views

Spacewalk: XSS on SystemGroupList.do page

Cross-site scripting XSS vulnerability in Spacewalk 1.6, as used in Red Hat Network RHN Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page...

4.3CVSS5.9AI score0.01188EPSS

Exploits0References4

Prion•added 2011/08/29 6:55 p.m.•29 views

Cross site scripting

Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a...

4.3CVSS5.9AI score0.02492EPSS

Exploits0References14Affected Software2

Prion•added 2011/07/14 11:55 p.m.•15 views

Cross site scripting

Cross-site scripting XSS vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link...

4.3CVSS6AI score0.01745EPSS

Exploits0References15Affected Software1

RedHat Linux•added 2011/06/22 11:14 p.m.•0 views

tomcat: cross-site-scripting vulnerability in the manager application

Multiple cross-site scripting XSS vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the 1 orderBy or 2 sort parameter to sessionsList.jsp, or unspecified input to 3...

4.3CVSS6.1AI score0.42009EPSS

Exploits1References4

NVD•added 2011/06/09 7:55 p.m.•17 views

CVE-2011-1819

Google Chrome before 12.0.742.91 allows remote attackers to perform unspecified injection into a chrome:// page via vectors related to extensions...

4.3CVSS6.5AI score0.01153EPSS

Exploits0References7

CVE•added 2011/06/09 7:0 p.m.•58 views

CVE-2011-1819

Google Chrome (before 12.0.742.91) is vulnerable to extension-injected access into chrome:// pages. The connected OpenVAS entries enumerate CVE-2011-1819 as part of a multi‑vulnerability set titled “Google Chrome Multiple Vulnerabilities (Jun 2011),” with the underlying issue described as extensi...

4.3CVSS6.5AI score0.01153EPSS

Exploits0References7Affected Software1

PyPA•added 2011/06/06 7:55 p.m.•6 views

PYSEC-2011-14

Cross-site scripting XSS vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

4.3CVSS5.9AI score0.02367EPSS

Exploits0References9Affected Software1

VulnCheck KEV•added 2011/06/06 12:0 a.m.•4 views

VulnCheck KEV: CVE-2011-2107

Cross-site scripting XSS vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site...

4.3CVSS6AI score0.03553EPSS

Exploits1References1

Positive Technologies•added 2011/05/20 12:0 a.m.•3 views

PT-2011-2777 · Cisco · Cisco Unified Operations Manager

Name of the Vulnerable Software and Affected Versions: Cisco Unified Operations Manager versions prior to 8.6 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. This can be achieved via several...

4.3CVSS5.6AI score0.21464EPSS

Exploits6References12

Positive Technologies•added 2011/05/20 12:0 a.m.•2 views

PT-2011-2780 · Cisco · Cisco Unified Operations Manager

Name of the Vulnerable Software and Affected Versions: Cisco Unified Operations Manager versions prior to 8.6 Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the tag parameter in the Common Services Device Center...

4.3CVSS5.2AI score0.04654EPSS

Exploits6References8

Prion•added 2011/04/27 12:55 a.m.•16 views

Cross site scripting

Cross-site scripting XSS vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter...

2.6CVSS6AI score0.01556EPSS

Exploits0References11Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by