CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3736 matches found

CNVD•added 2019/01/09 12:0 a.m.•1 views

Multiple Cross-Site Scripting Vulnerabilities in Zenphoto

Zenphoto is a free photo gallery content management system developed by the Zenphoto team. The system manages images and supports multimedia such as audio and video. Zenphoto suffers from multiple cross-site scripting vulnerabilities. A remote attacker can exploit this vulnerability to inject...

6.1CVSS6.4AI score0.007EPSS

Exploits2References1

CNVD•added 2018/12/31 12:0 a.m.•1 views

hsweb cross-site scripting vulnerability

hsweb is a set of projects for rapid construction of enterprise website backend management system, which integrates online code generation, rights management, single sign-on and dynamic multi-data source distributed transaction processing and other functions. A cross-site scripting vulnerability...

6.1CVSS6.3AI score0.00223EPSS

Exploits1References1

CNVD•added 2018/12/31 12:0 a.m.•1 views

UCMS cross-site scripting vulnerability (CNVD-2019-00981)

UCMS is a content management system written in PHP. A cross-site scripting vulnerability exists in UCMS version 1.4.7. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of the 'dir' parameter...

4.8CVSS5.9AI score0.00215EPSS

Exploits1References1

CNVD•added 2018/12/29 12:0 a.m.•7 views

DouCo DouPHP Cross-Site Scripting Vulnerability (CNVD-2019-00999)

DouCo DouPHP is a lightweight open source CMS Content Management System based on PHP and MySQL. A cross-site scripting vulnerability exists in admin/article.php?rec=update in DouCo DouPHP version 1.5 20181221. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

4.8CVSS6AI score0.00235EPSS

Exploits1References1

CNVD•added 2018/12/29 12:0 a.m.•2 views

DouCo DouPHP cross-site scripting vulnerability (CNVD-2019-00997)

DouCo DouPHP is a lightweight open source CMS Content Management System based on PHP and MySQL. A cross-site scripting vulnerability exists in admin/product.php?rec=update in DouCo DouPHP version 1.5 20181221. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

4.8CVSS6AI score0.00235EPSS

Exploits1References1

CNVD•added 2018/12/27 12:0 a.m.•2 views

Allen-Bradley PowerMonitor 1000 Cross-Site Scripting Vulnerability

Rockwell Automation Allen-Bradley PowerMonitor 1000 is a power monitoring device from Rockwell Automation. A cross-site scripting vulnerability exists in the /Security/Security.shtm page in the Rockwell Automation Allen-Bradley PowerMonitor 1000. A remote attacker can exploit this vulnerability t...

6.1CVSS6AI score0.00217EPSS

Exploits1References1

OSV•added 2018/12/24 3:29 p.m.•2 views

CVE-2018-8917

Cross-site scripting XSS vulnerability in info.cgi in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter...

5.4CVSS5.9AI score

Exploits0References1

CNVD•added 2018/12/10 12:0 a.m.•1 views

Sales & Company Management System Cross-Site Scripting Vulnerability

Sales & Company Management System SCMS is a sales and company management system. The system includes features such as customer management, product management and tax management. A cross-site scripting vulnerability exists in the memberemail.php file in SCMS 2018-06-06 and prior versions, which ca...

6.1CVSS6AI score0.0024EPSS

Exploits1References1

CNVD•added 2018/11/27 12:0 a.m.•1 views

TIBCO Statistica Server TIBCO Statistica Component Cross-Site Scripting Vulnerability

TIBCO Statistica Server is a suite of job servers from TIBCO Software that provides a governance framework for shared workspaces and reusable templates.Statistica is one of the components... A cross-site scripting vulnerability exists in the web application of the TIBCO Statistica component in...

7.6CVSS6.3AI score0.00245EPSS

Exploits0References1

CNVD•added 2018/11/19 12:0 a.m.•1 views

Centreon Cross-Site Scripting Vulnerability (CNVD-2019-00828)

Centreon formerly known as Merethis Centreon is an open source IT monitoring software suite from Centreon France that needs to be paired with Nagios to manage Nagios via the web and third-party components to enable monitoring of networks, operating systems and applications. A cross-site scripting...

5.4CVSS5.3AI score0.00092EPSS

Exploits1References1

CNVD•added 2018/11/19 12:0 a.m.•3 views

Jupyter Notebook Cross-Site Scripting Vulnerability (CNVD-2019-09601)

Jupyter Notebook is an open source web application that creates and shares documents containing live code, equations, visualizations, and narrative text. A cross-site scripting vulnerability exists in Jupyter Notebook versions prior to 5.7.2, which stems from a failure to securely handle URLs in...

6.1CVSS6AI score0.00283EPSS

Exploits0References1

OSV•added 2018/11/15 3:29 p.m.•1 views

CVE-2018-0699

Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS5.9AI score

Exploits0References2

CNVD•added 2018/11/12 12:0 a.m.•3 views

DomainMOD cross-site scripting vulnerability (CNVD-2019-07973)

DomainMOD is an open source application for managing your domain names and other Internet assets in a centralized location. A cross-site scripting vulnerability exists in DomainMOD versions 4.11.01 and earlier, which can be exploited by remote attackers to inject arbitrary web script or HTML via...

6.1CVSS6AI score0.00278EPSS

Exploits5References1

CNVD•added 2018/11/12 12:0 a.m.•2 views

DomainMOD cross-site scripting vulnerability (CNVD-2019-07972)

6.1CVSS6.1AI score0.00282EPSS

Exploits1References1

CNVD•added 2018/11/08 12:0 a.m.•2 views

Cisco Prime Service Catalog Cross-Site Scripting Vulnerability (CNVD-2019-01895)

Cisco Prime Service Catalog PSC is a service catalog solution from Cisco USA that provides all IT services through a single portal. The solution supports automated ordering of a unified service catalog for computing, networking, storage, and other data center resources. A cross-site scripting...

5.4CVSS5.4AI score0.00171EPSS

Exploits0References1

CNVD•added 2018/11/02 12:0 a.m.•3 views

Arcserve Unified Data Protection Cross-Site Scripting Vulnerability

Arcserve Unified Data Protection UDP is a set of unified data protection solutions from Arcserve, Inc. in the United States. The solution provides backup and recovery of all virtual and physical environments, global deduplication, and more. A cross-site scripting vulnerability exists in the...

6.1CVSS5.9AI score0.00309EPSS

Exploits0References1

CNVD•added 2018/11/02 12:0 a.m.•3 views

Pagoda Linux panel cross-site scripting vulnerability

Pagoda Linux panel is a Linux hosting panel from China Pagoda Pagoda Network Technology Company. A cross-site scripting vulnerability exists in Pagoda Linux panel version 6.0. The vulnerability can be exploited by a remote attacker to inject arbitrary web script or HTML via a CAPTCHA associated...

6.1CVSS5.9AI score0.0024EPSS

Exploits0References1

CNVD•added 2018/10/26 12:0 a.m.•2 views

D-link DSL-2640T Cross-Site Scripting Vulnerability

The D-link DSL-2640T is a wireless router from AUO D-Link. A cross-site scripting vulnerability exists in the cgi-bin/webcm page in the D-link DSL-2640T. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the 'var:RelaodHref' or 'var:conid' parameter...

6.1CVSS5.9AI score0.00207EPSS

Exploits1References1

CNVD•added 2018/10/19 12:0 a.m.•1 views

Aryanic HighPortal Cross-Site Scripting Vulnerability

Aryanic HighPortal is an enterprise portal system based on Java and ASP.NET. A cross-site scripting vulnerability exists in Aryanic HighPortal version 12.5. A remote attacker can exploit this vulnerability by adding tags to inject arbitrary web script or HTML...

6.1CVSS6AI score0.00211EPSS

Exploits2References1

CNVD•added 2018/10/18 12:0 a.m.•1 views

BigTree CMS cross-site scripting vulnerability (CNVD-2018-21319)

Fastspot BigTree is the United States Fastspot company based on PHP and MySQL open source content management system CMS. A cross-site scripting vulnerability exists in /admin/ajax/file-browser/upload/ in Fastspot BigTree version 4.2.23. A remote attacker can exploit this vulnerability to inject...

6.1CVSS5.9AI score0.04598EPSS

Exploits4References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by