CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3736 matches found

CNVD•added 2017/08/02 12:0 a.m.•2 views

MODX Revolution System Settings Module Cross-Site Scripting Vulnerability

MODX Revolution is the United States MODX company's set of PHP-based open source content management system CMS. The system supports online collaboration , search engine optimization SEO, add-ons , etc. System Settings module is one of the system settings module . A cross-site scripting...

6.1CVSS5.9AI score0.00223EPSS

Exploits0References1

CNVD•added 2017/08/02 12:0 a.m.•2 views

WordPress Etoile Ultimate Product Catalog Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress Etoile Ultimate Product Catalog is a product catalog editing and management component. Product Manually is a component for...

6.1CVSS6AI score0.00329EPSS

Exploits0References1

CNVD•added 2017/08/01 12:0 a.m.•1 views

Rocket.Chat Cross-Site Scripting Vulnerability

Rocket.Chat is an open source built in JavaScript using the Meteor fullstack framework developed by the Web chat server . A cross-site scripting vulnerability exists in the markdown link parsing code used for messages in Rocket.Chat. A remote attacker can exploit this vulnerability to inject...

6.1CVSS6.2AI score0.0021EPSS

Exploits0References1

CNVD•added 2017/08/01 12:0 a.m.•1 views

NetComm Wireless 4GT101W Router Cross-Site Scripting Vulnerability

NetComm Wireless 4GT101W routers is a wireless router product from NetComm Wireless Australia. A cross-site scripting vulnerability exists in NetComm Wireless 4GT101W routers running hardware version 0.01/software version V1.1.8.8/bootloader version 1.1.3. A remote attacker can exploit this...

5.4CVSS6.2AI score0.00206EPSS

Exploits1References1

OSV•added 2017/07/27 6:29 a.m.•2 views

CVE-2017-11677

Cross-site scripting XSS vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php...

6.1CVSS5.9AI score0.00233EPSS

Exploits1References2

CNVD•added 2017/07/25 12:0 a.m.•1 views

Green Packet DX-350 Cross-Site Scripting Vulnerability

The Green Packet DX-350 is a network access point device from Green Packet USA. A cross-site scripting vulnerability exists in the Green Packet DX-350 using firmware version 2.8.9.5-g1.4.8-atheeb. A remote attacker can exploit the vulnerability by sending the 'action' parameter to the ajax.cgi fi...

6.1CVSS6AI score0.0024EPSS

Exploits1References1

Prion•added 2017/07/24 1:29 a.m.•13 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment...

3.5CVSS5.4AI score0.00227EPSS

Exploits1References3Affected Software1

CNVD•added 2017/07/24 12:0 a.m.•1 views

Markdown Preview Plus extension cross-site scripting vulnerability

Markdown Preview Plus MPP extension for Chrome is a markdown a markup language preview plugin for Chrome. A cross-site scripting vulnerability exists in versions of the MPP extension for Chrome platform prior to 0.5.7. A remote attacker can exploit this vulnerability to inject arbitrary web scrip...

6.1CVSS5.8AI score0.00242EPSS

Exploits1References1

OSV•added 2017/07/22 12:29 a.m.•3 views

CVE-2017-2274

Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS5.9AI score0.00229EPSS

Exploits0References2

CNVD•added 2017/07/21 12:0 a.m.•2 views

Multiple Apple products WebKit cross-site scripting vulnerability (CNVD-2017-17204)

Apple iOS, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems; and tvOS is an operating system for smart TVs. webKit is an open source web...

6.1CVSS5.7AI score0.0561EPSS

Exploits0References1

CNVD•added 2017/07/20 12:0 a.m.•1 views

MetInfo cross-site scripting vulnerability (CNVD-2017-25435)

MetInfo is a Content Management System CMS developed using PHP and Mysql. A cross-site scripting vulnerability exists in MetInfo version 5.3.17. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via Client-IP or X-Forwarded-For HTTP packet headers...

6.1CVSS6AI score0.00223EPSS

Exploits1References1

CNVD•added 2017/07/20 12:0 a.m.•3 views

Sitecore Cross-Site Scripting Vulnerability

Sitecore is an online marketing content management system CMS from Sitecore, Denmark. The system supports content editing, multiple languages, multi-site deployment, digital asset management and more. A cross-site scripting vulnerability exists in Sitecore version 8.2, which stems from the...

5.4CVSS5.3AI score0.00195EPSS

Exploits1References1

CNVD•added 2017/07/19 12:0 a.m.•2 views

Biscom Secure File Transfer Cross-Site Scripting Vulnerability

Biscom Secure File Transfer SFT is a Web-based file transfer solution from Biscom USA. The solution has features such as file sharing, workspace creation and automatic file cleanup. A cross-site scripting vulnerability exists in the Package Name field in Biscom SFT. A remote attacker could exploi...

5.4CVSS5.3AI score0.00224EPSS

Exploits0References1

CNVD•added 2017/07/12 12:0 a.m.•0 views

FineCMS stored cross-site scripting vulnerability (CNVD-2017-15721)

FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework development for multiple terminals, including Pc-side web pages and mobile web pages, support for customized content models and member models, and can be customized fields, can be...

6.1CVSS6.2AI score0.0024EPSS

Exploits0References1

CNVD•added 2017/07/12 12:0 a.m.•1 views

FineCMS Stored Cross-Site Scripting Vulnerability

6.1CVSS6.3AI score0.0024EPSS

Exploits0References1

CNVD•added 2017/07/07 12:0 a.m.•2 views

Joomla! cross-site scripting vulnerability (CNVD-2017-22326)

Joomla! CMS is a U.S. Open Source Matters team developed a set of open source content management system CMS. The system provides RSS feeds , site search and other functions . A cross-site scripting vulnerability exists in Joomla! CMS versions 1.7.3 to 3.7.2, which stems from a lack of cross-site...

6.1CVSS6.5AI score0.00411EPSS

Exploits0References1

CNVD•added 2017/07/05 12:0 a.m.•2 views

Webmin cross-site scripting vulnerability (CNVD-2017-21737)

Webmin is a web-based system administration tool for Unix-like operating systems developed by Australian software developer Jamie Cameron and the Webmin community. A cross-site scripting vulnerability exists in versions of Webmin prior to 1.850. This vulnerability can be exploited by remote...

6.1CVSS6AI score0.00601EPSS

Exploits3References1

CNVD•added 2017/07/04 12:0 a.m.•1 views

Synology Audio Station Cross-Site Scripting Vulnerability

Synology Audio Station is an audio manager from Synology, a Chinese company. A cross-site scripting vulnerability exists in Synology Audio Station version 5.1 before 5.1-2550 and version 5.4 before 5.4-2857. A remote attacker can exploit the vulnerability to inject arbitrary web script or HTML wi...

5.4CVSS6AI score0.00195EPSS

Exploits0References1

CNVD•added 2017/06/29 12:0 a.m.•1 views

CloudView NMS Cross-Site Scripting Vulnerability

CloudView NMS is a network management and monitoring system that automatically discovers, monitors and performs tasks from CloudView NMS USA. A cross-site scripting vulnerability exists in CloudView NMS versions prior to 2.10a. A remote attacker can exploit this vulnerability to inject arbitrary...

6.1CVSS6.5AI score0.00298EPSS

Exploits1References1

CNVD•added 2017/06/29 12:0 a.m.•3 views

GetSimple CMS 'admin/profile.php' Cross-Site Scripting Vulnerability

Cagintranet Networks GetSimple CMS is an XML-based content management system CMS from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in the name field of the...

6.1CVSS6.2AI score0.0024EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by