CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4544 matches found

OSV•added 2018/04/03 12:0 a.m.•1 views

UBUNTU-CVE-2018-4133

An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "WebKit" component. A Safari cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

6.1CVSS7AI score0.00501EPSS

Exploits0References5

CNVD•added 2018/04/02 12:0 a.m.•1 views

CA API Developer Portal Cross-Site Scripting Vulnerability

CA API Developer Portal is a set of CA's API Application Programming Interface query function for software developers. A cross-site scripting vulnerability exists in the profile picture handling in CA API Developer Portal, which stems from the program failing to properly filter user-submitted HTM...

6.1CVSS6.5AI score0.00233EPSS

Exploits0References1

CNVD•added 2018/04/02 12:0 a.m.•1 views

Apple Safari WebKit cross-site scripting vulnerability (CNVD-2018-07657)

Apple Safari is a web browser from Apple, and is the default browser that comes with the Mac OS X and iOS operating systems.WebKit is a set of open-source web browser engines developed by KDE, Apple, and Google, and is currently used by Apple Safari and Google Chrome, among other browsers. Google...

6.1CVSS5.4AI score0.00501EPSS

Exploits0References1

CNVD•added 2018/03/30 12:0 a.m.•1 views

ASUS RT-N14UHP 'flag' parameter cross-site scripting vulnerability

The ASUS RT-N14UHP is a wireless router device from ASUS. A cross-site scripting vulnerability exists in the 'flag' parameter in ASUS RT-N14UHP devices prior to version 3.0.0.4.380.8015. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6.1AI score0.0024EPSS

Exploits1References1

CNVD•added 2018/03/30 12:0 a.m.•1 views

CA API Developer Portal Cross-Site Scripting Vulnerability

CA API Developer Portal is a set of CA's API Application Programming Interface query function for software developers. A cross-site scripting vulnerability exists in the profile picture handling in CA API Developer Portal versions 3.5 through 3.5 CR6, which stems from the program failing to...

6.1CVSS6.5AI score0.00233EPSS

Exploits0References1

CNVD•added 2018/03/29 12:0 a.m.•1 views

bui select component cross-site scripting vulnerability

bui is a front-end framework based on JQuery. select component is one of the search component. A cross-site scripting vulnerability exists in the select component in bui 2018-03-13 and prior versions, which stems from a program performing an escape operation on escaped text. A remote attacker can...

6.1CVSS6.2AI score0.01433EPSS

Exploits1References1

CNVD•added 2018/03/28 12:0 a.m.•1 views

QQQ SYSTEMS cross-site scripting vulnerability (CNVD-2018-07698)

QQQ SYSTEMS is a set of CGI scripts for creating quiz pages. A cross-site scripting vulnerability exists in QQQ SYSTEMS version 2.24. A remote attacker can exploit this vulnerability to inject arbitrary web scripts via the quiz.cgi file...

6.1CVSS6.2AI score0.00211EPSS

Exploits0References1

OSV•added 2018/03/27 9:29 p.m.•0 views

CVE-2017-7631

Cross-site scripting XSS vulnerability in the share link function of File Station of QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML...

6.1CVSS5.9AI score

Exploits0References1

CNVD•added 2018/03/27 12:0 a.m.•2 views

BMC Remedy Action Request System Cross-Site Scripting Vulnerability

BMC Remedy Action Request AR System is a suite of mobile digital enterprise management platforms for IT departments from BMC Software, USA. A cross-site scripting vulnerability exists in version 9.0 of the BMC Remedy Action Request AR System prior to 9.0.00 Service Pack 2 hot fix 1. A remote...

6.1CVSS6.1AI score0.00301EPSS

Exploits0References1

CNVD•added 2018/03/26 12:0 a.m.•1 views

dsmall cross-site scripting vulnerability (CNVD-2018-07545)

dsmall is a multi-user platform-level online shopping mall system. A cross-site scripting vulnerability exists in dsmall version 20180320. A remote attacker can exploit this vulnerability by sending the 'pdrsn' parameter to the public/index.php/home/predeposit/index.html page to inject arbitrary...

5.4CVSS6.2AI score0.00206EPSS

Exploits1References1

OSV•added 2018/03/19 8:29 p.m.•0 views

CVE-2018-8732

Cross-site scripting XSS vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtualdel parameter...

5.4CVSS5.9AI score

Exploits0References2

OSV•added 2018/03/15 10:29 p.m.•1 views

CVE-2016-0223

Cross-site scripting XSS vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006...

6.1CVSS5.9AI score

Exploits0References2

CNVD•added 2018/03/15 12:0 a.m.•1 views

SAP NetWeaver RunTime Cross-Site Scripting Vulnerability

SAP NetWeaver RunTime is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver RunTime, which arises from the program's...

6.1CVSS6.7AI score0.00313EPSS

Exploits0References1

CNVD•added 2018/03/14 12:0 a.m.•2 views

OSIsoft PI Web API Cross-Site Scripting Vulnerability

The OSIsoft PI Web API is a product for accessing PI system data. A cross-site scripting vulnerability exists in OSIsoft PI Web API 2017 R2 and prior versions, which can be exploited by remote attackers to inject arbitrary web script or HTML...

6.1CVSS6.2AI score0.0018EPSS

Exploits0References1

CNVD•added 2018/03/14 12:0 a.m.•2 views

OSIsoft PI Vision Cross-Site Scripting Vulnerability

PI Vision is the leading visualization tool for quick, easy and secure access to all PI System™ data. A cross-site scripting vulnerability exists in OSIsoft PI Vision 2017 and prior versions, which can be exploited by remote attackers to inject arbitrary web script or HTML because the...

6.1CVSS6AI score0.0018EPSS

Exploits0References1

OSV•added 2018/03/13 7:29 p.m.•1 views

CVE-2018-7405

Cross-site scripting XSS in Zoho ManageEngine EventLog Analyzer before 11.12 Build 11120 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS5.9AI score0.00479EPSS

Exploits0References2

OSV•added 2018/03/12 9:29 p.m.•1 views

CVE-2016-0261

Cross-site scripting XSS vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web scri...

5.4CVSS5.9AI score

Exploits0References2

OSV•added 2018/03/09 7:29 p.m.•1 views

CVE-2016-0253

Cross-site scripting XSS vulnerability in IBM Financial Transaction Manager FTM for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager FTM for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager FTM f...

5.4CVSS5.9AI score0.00129EPSS

Exploits0References2

CNVD•added 2018/03/09 12:0 a.m.•1 views

Media Streaming add-on cross-site scripting vulnerability

QNAP NAS application Media Streaming add-on is a video streaming loading application for QNAP NAS devices from QNAP Systems. A cross-site scripting vulnerability exists in QNAP NAS application Media Streaming add-on version 21.1.0.2 and earlier and version 430.1.2.0 and earlier. A remote attacker...

6.1CVSS6.1AI score0.0025EPSS

Exploits0References1

CNVD•added 2018/03/09 12:0 a.m.•1 views

Jease Cross-Site Scripting Vulnerability (CNVD-2018-04746)

Jease is a set of open source content management system CMS written in Java language . A cross-site scripting vulnerability exists in Jease. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML...

5.4CVSS6.3AI score0.00138EPSS

Exploits3References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by