CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4544 matches found

CNVD•added 2018/03/09 12:0 a.m.•2 views

Eramba Date Filter Cross-Site Scripting Vulnerability

Eramba is an open source enterprise level IT governance application from Eramba UK. The program features IT security, compliance auditing and analysis, etc. Date Filter is one of the data filters. A cross-site scripting vulnerability exists in Date Filter in Eramba. A remote attacker can exploit...

6.1CVSS6.2AI score0.0024EPSS

Exploits1References1

CNVD•added 2018/03/08 12:0 a.m.•1 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2018-06462)

Cisco Identity Services Engine ISE is an identity-based environment awareness platform ISE Identity Services Engine from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. A cross-site scripting...

6.1CVSS6.5AI score0.00332EPSS

Exploits0References1

CNVD•added 2018/03/02 12:0 a.m.•1 views

WordPress Plugin Ninja Forms Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports in PHP and MySQL servers to set up a personal blog site . Ninja Forms is one of the form plug-ins . A cross-site scripting vulnerability exists in the WordPress plugi...

6.1CVSS6.1AI score0.0021EPSS

Exploits0References1

CNVD•added 2018/03/02 12:0 a.m.•3 views

Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Cross-Site Scripting Vulnerabilities

Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway formerly known as Citrix Access Gateway Enterprise Edition are both products of Citrix Systems. NetScaler ADC is a service and application delivery solution Application Delivery Controller; NetScaler Gateway is a secure...

6.1CVSS6AI score0.00255EPSS

Exploits0References1

CNVD•added 2018/02/27 12:0 a.m.•3 views

Etherpad Lite Cross-Site Scripting Vulnerability

Etherpad Lite is the Etherpad Foundation's suite of open source rich text online collaboration software. A cross-site scripting vulnerability exists in the static/js/padutils.js file in Etherpad Lite versions prior to 1.6.3. A remote attacker can use window.location.href to inject arbitrary Web...

6.1CVSS6.3AI score0.0033EPSS

Exploits0References1

CNVD•added 2018/02/26 12:0 a.m.•0 views

HPE Matrix Operating Environment Software and Systems Insight Manager Software Cross-Site Scripting Vulnerability

HPE Matrix Operating Environment Software and Systems Insight Manager SIM Software are both products of Hewlett Packard Enterprise HPE, U.S. HPE Matrix Operating Environment Software is a set of cloud management software designed for infrastructure services. HPE Matrix Operating Environment...

5.4CVSS6.2AI score0.003EPSS

Exploits0References1

CNVD•added 2018/02/26 12:0 a.m.•1 views

mcholste Enterprise Log Search and Archive Cross-Site Scripting Vulnerability

mcholste Enterprise Log Search and Archive ELSA is an enterprise log search and archive system. A cross-site scripting vulnerability exists in the index view in mcholste ELSA version 1205, commit 2cc17f1 and earlier. A remote attacker can leverage the 'type', 'name', and 'value' parameters in...

6.1CVSS6.2AI score0.0024EPSS

Exploits0References1

CNVD•added 2018/02/26 12:0 a.m.•3 views

Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability (CNVD-2018-05306)

Cisco Data Center Analytics Framework DCAF application is a set of data center analytics frameworks from the U.S. company Cisco Cisco. A cross-site scripting vulnerability exists in the web-based management interface of the Cisco DCAF application, which stems from the program's failure to...

6.1CVSS6.6AI score0.00319EPSS

Exploits0References1

CNVD•added 2018/02/23 12:0 a.m.•3 views

Cisco Prime Service Catalog Cross-Site Scripting Vulnerability (CNVD-2018-05348)

Cisco Prime Service Catalog PSC is a service catalog solution from Cisco USA that provides all IT services through a single portal. The solution supports automated ordering of a unified service catalog for computing, networking, storage, and other data center resources. A cross-site scripting...

6.1CVSS6.7AI score0.0017EPSS

Exploits0References1

CNVD•added 2018/02/23 12:0 a.m.•2 views

Trend Micro Email Encryption Gateway Cross-Site Scripting Vulnerability (CNVD-2018-04491)

Trend Micro Email Encryption is a suite of identity-based email encryption solutions from Trend Micro, Inc. The Trend Micro Email Encryption Gateway TMEEG is one of the gateway products that provides data protection. A cross-site scripting vulnerability exists in the policy script in Trend Micro...

5.4CVSS6.3AI score0.00163EPSS

Exploits5References1

CNVD•added 2018/02/09 12:0 a.m.•3 views

PHP Scripts Mall Naukri Clone Script Cross-Site Scripting Vulnerability

PHP Scripts Mall Naukri Clone Script is an online recruitment system script based on PHP and MySQL platform by PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall Naukri Clone Script version 3.0.3. The vulnerability can be exploited by a remote attacker to inje...

5.4CVSS6.2AI score0.00181EPSS

Exploits1References1

CNVD•added 2018/02/05 12:0 a.m.•1 views

MTS Simple Booking C and MTS Simple Booking Business Cross-Site Scripting Vulnerabilities

MTS Simple Booking C and MTS Simple Booking Business are both online booking plugins for WordPress developed by MT Systems Japan. A cross-site scripting vulnerability exists in MTS Simple Booking C and MTS Simple Booking Business versions 1.28.0 and earlier. A remote attacker can exploit this...

6.1CVSS6.2AI score0.0026EPSS

Exploits0References1

OSV•added 2018/02/02 9:29 p.m.•0 views

CVE-2016-0303

Cross-site scripting XSS vulnerability in IBM Tivoli Integrated Portal 2.2.0.0 through 2.2.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.4CVSS5.9AI score

Exploits0References1

CNVD•added 2018/02/01 12:0 a.m.•2 views

iBall 300M Cross-Site Scripting Vulnerability

The iBall 300M is a wireless router product from iBall India. A cross-site scripting vulnerability exists in /goform/setLang in iBall 300M using iB-WRB302N1.0.1-Sep 8 2017 version firmware. A remote attacker can exploit the vulnerability to inject arbitrary web script or HTML with the help of the...

6.1CVSS6AI score0.00373EPSS

Exploits1References1

OSV•added 2018/01/30 8:29 p.m.•1 views

CVE-2018-6194

A cross-site scripting XSS vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin wp-splashing-images before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php...

4.8CVSS5.8AI score

Exploits0References4

CNVD•added 2018/01/24 12:0 a.m.•2 views

Elasticsearch Kibana Cross-Site Scripting Vulnerability

Elasticsearch Kibana formerly known as elasticsearch-dashboard is a suite of open-source, browser-based analytics and search Elasticsearch dashboard tools from the Dutch company Elasticsearch. A cross-site scripting vulnerability exists in Elasticsearch Kibana versions 5.6.6 and 6.1.2, which stem...

6.1CVSS6.8AI score0.00375EPSS

Exploits0References1

ATTACKERKB•added 2018/01/18 6:29 a.m.•1 views

CVE-2018-0098

A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet PoE and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attac...

6.1CVSS5.8AI score0.0012EPSS

Exploits0References3

CNVD•added 2018/01/17 12:0 a.m.•2 views

WordPress SrbTransLatin Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development , the platform supports in PHP and MySQL server set up personal blog site . SrbTransLatin plugin is used in one of the language conversion plugin . A cross-site scripting vulnerability exists ...

4.8CVSS6AI score0.00225EPSS

Exploits1References1

OSV•added 2018/01/16 7:29 p.m.•0 views

CVE-2017-8802

Cross-site scripting XSS vulnerability in Zimbra Collaboration Suite aka ZCS before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the "Show Snippet" functionality...

5.4CVSS5.9AI score

Exploits0References4

CNVD•added 2018/01/15 12:0 a.m.•1 views

Dotclear admin/auth.php file cross-site scripting vulnerability

Dotclear is a software developer Olivier Meunier developed a free PHP and MySQL-based blog Blog publishing software. A cross-site scripting vulnerability exists in the admin/auth.php file in Dotclear version 2.12.1. This vulnerability can be exploited by remote attackers to inject arbitrary web...

5.4CVSS6AI score0.00163EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by