CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3736 matches found

CNVD•added 2018/10/16 12:0 a.m.•2 views

Agentejo Cockpit Cross-Site Scripting Vulnerability

Agentejo Cockpit is a management system for managing structured content on websites. A cross-site scripting vulnerability exists in Agentejo Cockpit version 0.6.2. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6AI score0.0024EPSS

Exploits2References1

CNVD•added 2018/10/16 12:0 a.m.•2 views

LUYA CMS Cross-Site Scripting Vulnerability

LUYA CMS is a scalable content management system CMS. A cross-site scripting vulnerability exists in LUYA CMS version 1.0.12. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via /admin/api-cms-nav/create-page...

6.1CVSS5.9AI score0.00211EPSS

Exploits2References1

CNVD•added 2018/10/16 12:0 a.m.•1 views

nc-cms cross-site scripting vulnerability

nc-cms is a PHP-based embeddable lightweight CMS content management system. A cross-site scripting vulnerability exists in the index.php?action=edithtml&name=homecontent URI in nc-cms 2017-03-10 and earlier versions, which can be exploited by remote attackers to inject malicious JavaScript code...

4.8CVSS5AI score0.00235EPSS

Exploits0References1

OSV•added 2018/10/14 9:29 p.m.•1 views

CVE-2018-18291

A cross site scripting XSS vulnerability on ASUS RT-AC58U 3.0.0.4.3806516 devices allows remote attackers to inject arbitrary web script or HTML via AdvancedASUSDDNSContent.asp, AdvancedWSecurityContent.asp, AdvancedWirelessContent.asp, Logout.asp, MainLogin.asp, MobileQISLogin.asp, QISwizard.htm...

6.1CVSS5.5AI score0.00223EPSS

Exploits1References1

OSV•added 2018/10/10 9:29 p.m.•1 views

CVE-2018-18062

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML...

6.1CVSS5.9AI score0.00223EPSS

Exploits3References1

OSV•added 2018/09/22 2:29 a.m.•1 views

CVE-2018-17322

Cross-site scripting XSS vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter...

6.1CVSS5.9AI score0.00208EPSS

Exploits1References1

CNVD•added 2018/09/21 12:0 a.m.•1 views

Micro Focus ArcSight Management Center Cross-Site Scripting Vulnerability

Micro Focus ArcSight Management Center ArcMC is a security management center from Micro Focus UK that centrally manages ArcSight e.g. HP ArcSight Logger, etc. deployments through a unified interface. A cross-site scripting vulnerability exists in Micro Focus ArcMC versions prior to 2.81, which ca...

6.5CVSS6.1AI score0.00288EPSS

Exploits0References1

OSV•added 2018/09/17 9:58 p.m.•9 views

GHSA-77PC-Q5Q7-QG9H Moderate severity vulnerability that affects rails-html-sanitizer

Withdrawn, accidental duplicate publish. Cross-site scripting XSS vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node...

6.1CVSS6AI score0.00163EPSS

Exploits0References2

OSV•added 2018/09/10 11:29 p.m.•1 views

CVE-2018-16805

In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator...

4.8CVSS5.7AI score

Exploits0References1

CNVD•added 2018/09/04 12:0 a.m.•1 views

IdeaCMS Cross-Site Scripting Vulnerability

IdeaCMS is a PHP and MySQL based enterprise website building system. A cross-site scripting vulnerability exists in IdeaCMS 2016-04-30 and earlier versions, which can be exploited by remote attackers to inject arbitrary Web script or HTML by sending the 'kw' parameter to...

6.1CVSS5.9AI score0.0024EPSS

Exploits0References1

CNVD•added 2018/08/30 12:0 a.m.•1 views

CyBroHttpServer Cross-Site Scripting Vulnerability

Cybrotech CyBroHttpServer is a communication server for reading/writing CyBro variables by name from Cybrotech UK. A cross-site scripting vulnerability exists in Cybrotech CyBroHttpServer version 1.0.3. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via a...

6.1CVSS5.8AI score0.03778EPSS

Exploits5References1

OSV•added 2018/08/28 8:29 p.m.•0 views

UBUNTU-CVE-2017-15429

Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

6.1CVSS7.4AI score0.00728EPSS

Exploits0References3

OSV•added 2018/08/28 7:29 p.m.•3 views

CVE-2017-15430

Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

4.3CVSS7.4AI score

Exploits0References2

CNVD•added 2018/08/27 12:0 a.m.•1 views

Zyxel VMG3312-B10B cross-site scripting vulnerability (CNVD-2018-17658)

The Zyxel VMG3312 B10B is an Internet access gateway device from Hopkins ZyXEL Technology. A cross-site scripting vulnerability exists in the Zyxel VMG3312 B10B. A remote attacker can exploit this vulnerability by sending the 'hostname' parameter to the...

6.1CVSS6AI score0.0024EPSS

Exploits0References1

CNVD•added 2018/08/20 12:0 a.m.•1 views

tp5cms Cross-site Scripting Vulnerability

tp5cms is a content management system CMS framework written in the PHP language and based on technologies such as ThinkPHP, swiper and bootstrap. A cross-site scripting vulnerability exists in tp5cms 2017-05-25 and earlier versions. A remote attacker can exploit this vulnerability to inject...

6.1CVSS5.9AI score0.0024EPSS

Exploits1References1

OSV•added 2018/08/10 4:29 p.m.•1 views

CVE-2018-14503

Cross-site scripting XSS vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter...

6.1CVSS5.9AI score0.00223EPSS

Exploits1References1

CNVD•added 2018/08/07 12:0 a.m.•1 views

QCMS Cross-Site Scripting Vulnerability (CNVD-2019-10275)

QCMS is an open source content management system CMS for creating responsive websites. A cross-site scripting vulnerability exists in upload/System/Controller/backend/slideshow.php in QCMS 3.0.1, which can be exploited by remote attackers to inject arbitrary web script or HTML...

4.8CVSS4.9AI score0.00235EPSS

Exploits1References1

CNVD•added 2018/08/07 12:0 a.m.•3 views

HPE XP P9000 Command View Advanced Edition Software Cross-Site Scripting Vulnerability

HPE XP P9000 Command View Advanced Edition Software CVAE is a suite of device management software from Hewlett Packard Enterprise HPE that enables storage management for HPE XP P9000 disk array products.DevMgr , TSMgr, and RepMgr are among the management modules. A cross-site scripting...

6.1CVSS6.1AI score0.00453EPSS

Exploits0References1

CNVD•added 2018/08/01 12:0 a.m.•1 views

Red Hat Satellite Cross-Site Scripting Vulnerability (CNVD-2018-15904)

Red Hat Satellite is a suite of system management platforms from Red Hat, Inc. that can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A cross-site scripting vulnerability exists in the Failed Systems page in...

5.4CVSS4.9AI score0.00205EPSS

Exploits0References1

OSV•added 2018/07/31 2:29 p.m.•1 views

CVE-2018-12943

Cross-Site Scripting XSS vulnerability in every page that includes the "action" URL parameter in SeedDMS formerly LetoDMS and MyDMS before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter...

6.1CVSS5.9AI score0.00238EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by