CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4544 matches found

VulnCheck KEV•added 2017/08/01 12:0 a.m.•0 views

VulnCheck KEV: CVE-2017-20202

Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and fetched a remote script. The fetched script conditionally loaded follow-on modules that performed extensive ad substitution and malvertising, displayed fake “repair” alerts that redirected users to...

9.3CVSS5.9AI score0.00116EPSS

Exploits0References1

OSV•added 2017/07/27 6:29 a.m.•2 views

CVE-2017-11677

Cross-site scripting XSS vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php...

6.1CVSS5.9AI score0.00233EPSS

Exploits1References2

CNVD•added 2017/07/25 12:0 a.m.•1 views

Green Packet DX-350 Cross-Site Scripting Vulnerability

The Green Packet DX-350 is a network access point device from Green Packet USA. A cross-site scripting vulnerability exists in the Green Packet DX-350 using firmware version 2.8.9.5-g1.4.8-atheeb. A remote attacker can exploit the vulnerability by sending the 'action' parameter to the ajax.cgi fi...

6.1CVSS6AI score0.0024EPSS

Exploits1References1

Prion•added 2017/07/24 1:29 a.m.•13 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment...

3.5CVSS5.4AI score0.00227EPSS

Exploits1References3Affected Software1

CNVD•added 2017/07/24 12:0 a.m.•1 views

Markdown Preview Plus extension cross-site scripting vulnerability

Markdown Preview Plus MPP extension for Chrome is a markdown a markup language preview plugin for Chrome. A cross-site scripting vulnerability exists in versions of the MPP extension for Chrome platform prior to 0.5.7. A remote attacker can exploit this vulnerability to inject arbitrary web scrip...

6.1CVSS5.8AI score0.00242EPSS

Exploits1References1

OSV•added 2017/07/22 12:29 a.m.•2 views

CVE-2017-2274

Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS5.9AI score0.00229EPSS

Exploits0References2

CNVD•added 2017/07/21 12:0 a.m.•2 views

Multiple Apple products WebKit cross-site scripting vulnerability (CNVD-2017-17204)

Apple iOS, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems; and tvOS is an operating system for smart TVs. webKit is an open source web...

6.1CVSS5.7AI score0.0561EPSS

Exploits0References1

CNVD•added 2017/07/20 12:0 a.m.•1 views

MetInfo cross-site scripting vulnerability (CNVD-2017-25435)

MetInfo is a Content Management System CMS developed using PHP and Mysql. A cross-site scripting vulnerability exists in MetInfo version 5.3.17. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via Client-IP or X-Forwarded-For HTTP packet headers...

6.1CVSS6AI score0.00223EPSS

Exploits1References1

CNVD•added 2017/07/20 12:0 a.m.•3 views

Sitecore Cross-Site Scripting Vulnerability

Sitecore is an online marketing content management system CMS from Sitecore, Denmark. The system supports content editing, multiple languages, multi-site deployment, digital asset management and more. A cross-site scripting vulnerability exists in Sitecore version 8.2, which stems from the...

5.4CVSS5.3AI score0.00195EPSS

Exploits1References1

CNVD•added 2017/07/19 12:0 a.m.•2 views

EMC RSA Authentication Manager Cross-Site Scripting Vulnerability (CNVD-2017-24569)

EMC RSA Authentication Manager is a centralized binary authentication software from EMC. The software centralizes the management of binary authentication, security tokens, methods and users across physical sites. A cross-site scripting vulnerability exists in EMC RSA Authentication Manager 8.2 SP...

4.8CVSS5AI score0.00254EPSS

Exploits1References1

CNVD•added 2017/07/19 12:0 a.m.•2 views

Biscom Secure File Transfer Cross-Site Scripting Vulnerability

Biscom Secure File Transfer SFT is a Web-based file transfer solution from Biscom USA. The solution has features such as file sharing, workspace creation and automatic file cleanup. A cross-site scripting vulnerability exists in the Package Name field in Biscom SFT. A remote attacker could exploi...

5.4CVSS5.3AI score0.00224EPSS

Exploits0References1

CNVD•added 2017/07/12 12:0 a.m.•0 views

FineCMS stored cross-site scripting vulnerability (CNVD-2017-15721)

FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework development for multiple terminals, including Pc-side web pages and mobile web pages, support for customized content models and member models, and can be customized fields, can be...

6.1CVSS6.2AI score0.0024EPSS

Exploits0References1

CNVD•added 2017/07/12 12:0 a.m.•1 views

FineCMS Stored Cross-Site Scripting Vulnerability

6.1CVSS6.3AI score0.0024EPSS

Exploits0References1

CNVD•added 2017/07/07 12:0 a.m.•2 views

Joomla! cross-site scripting vulnerability (CNVD-2017-22326)

Joomla! CMS is a U.S. Open Source Matters team developed a set of open source content management system CMS. The system provides RSS feeds , site search and other functions . A cross-site scripting vulnerability exists in Joomla! CMS versions 1.7.3 to 3.7.2, which stems from a lack of cross-site...

6.1CVSS6.5AI score0.00411EPSS

Exploits0References1

CNVD•added 2017/07/05 12:0 a.m.•2 views

Webmin cross-site scripting vulnerability (CNVD-2017-21737)

Webmin is a web-based system administration tool for Unix-like operating systems developed by Australian software developer Jamie Cameron and the Webmin community. A cross-site scripting vulnerability exists in versions of Webmin prior to 1.850. This vulnerability can be exploited by remote...

6.1CVSS6AI score0.00601EPSS

Exploits3References1

CNVD•added 2017/07/04 12:0 a.m.•1 views

Synology Audio Station Cross-Site Scripting Vulnerability

Synology Audio Station is an audio manager from Synology, a Chinese company. A cross-site scripting vulnerability exists in Synology Audio Station version 5.1 before 5.1-2550 and version 5.4 before 5.4-2857. A remote attacker can exploit the vulnerability to inject arbitrary web script or HTML wi...

5.4CVSS6AI score0.00195EPSS

Exploits0References1

Japan Vulnerability Notes•added 2017/06/30 6:56 a.m.•1 views

Cross-site Scripting Vulnerability in multiple Hitachi products

Overview A cross-site scripting vulnerability was found in uCosminexus Portal Framework, Groupmax Collaboration, Hitachi Navigation Platform and JP1/Navigation Platform. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor...

4.7CVSS6.3AI score

Exploits0References1

CNVD•added 2017/06/29 12:0 a.m.•1 views

CloudView NMS Cross-Site Scripting Vulnerability

CloudView NMS is a network management and monitoring system that automatically discovers, monitors and performs tasks from CloudView NMS USA. A cross-site scripting vulnerability exists in CloudView NMS versions prior to 2.10a. A remote attacker can exploit this vulnerability to inject arbitrary...

6.1CVSS6.5AI score0.00298EPSS

Exploits1References1

CNVD•added 2017/06/29 12:0 a.m.•1 views

CloudView NMS Cross-Site Scripting Vulnerability (CNVD-2017-12302)

CloudView NMS is a network management and monitoring system that automatically discovers, monitors and performs tasks from CloudView NMS USA. A cross-site scripting vulnerability exists in versions of CloudView NMS prior to 2.10a. A remote attacker can exploit this vulnerability to inject arbitra...

6.1CVSS6.5AI score0.00298EPSS

Exploits1References1

CNVD•added 2017/06/29 12:0 a.m.•3 views

GetSimple CMS 'admin/profile.php' Cross-Site Scripting Vulnerability

Cagintranet Networks GetSimple CMS is an XML-based content management system CMS from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in the name field of the...

6.1CVSS6.2AI score0.0024EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by