CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4536 matches found

CNVD•added 2015/10/30 12:0 a.m.•3 views

Janitza UMG has multiple cross-site scripting vulnerabilities

The Janitza UMG is an online power quality monitor for the energy industry from Janitza Germany. The Janitza UMG 508, 509, 511, 604, 605, suffers from multiple cross-site scripting vulnerabilities. This allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.2AI score0.00888EPSS

Exploits0References1

CNVD•added 2015/10/30 12:0 a.m.•2 views

Infinite Automation Mango Automation Cross-Site Scripting Vulnerability

Infinite Automation Mango Automation is the United States Infinite Automation Systems, Inc. of a set of open source Web-based SCADA data acquisition and supervisory control, HMI and automation software. A cross-site scripting vulnerability exists in Infinite Automation Mango Automation 2.5.x and...

3.5CVSS5.9AI score0.01303EPSS

Exploits1References1

CNVD•added 2015/10/21 12:0 a.m.•1 views

Multiple Cross-Site Scripting Vulnerabilities in Nordex NC2

Nordex Control 2 is a web-based SCADA system for wind power stations. Multiple cross-site scripting vulnerabilities exist in the Nordex Control 2 NC2 SCADA 16 and earlier versions, Wind Farm Portal application. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTM...

4.3CVSS6.2AI score0.19026EPSS

Exploits1References1

Vulnrichment•added 2015/10/18 7:0 p.m.•3 views

CVE-2015-6477

Multiple cross-site scripting XSS vulnerabilities in the Wind Farm Portal application in Nordex Control 2 NC2 SCADA 16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.8AI score0.19026EPSS

Exploits1References3

Prion•added 2015/10/16 8:59 p.m.•28 views

Cross site scripting

Cross-site scripting XSS vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812...

4.3CVSS5.8AI score0.00215EPSS

Exploits0References4Affected Software2

CNVD•added 2015/10/16 12:0 a.m.•1 views

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2015-06712)

Revive Adserver is an open source ad management system from the Revive Adserver team. A cross-site scripting vulnerability exists in the plugin upgrade form of Revive Adserver versions prior to 3.2.2, which can be exploited by a remote attacker to inject arbitrary Web script or HTML with the help...

4.3CVSS6AI score0.00256EPSS

Exploits1References1

CNVD•added 2015/10/15 12:0 a.m.•2 views

Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2015-06635)

Microsoft SharePoint Server and SharePoint Foundation are both business collaboration platforms from Microsoft Corporation. A cross-site scripting vulnerability exists in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1. A remote attacker can exploit this vulnerability to...

3.5CVSS6.2AI score0.06561EPSS

Exploits0References1

CNVD•added 2015/10/10 12:0 a.m.•4 views

WordPress Appointment Booking Calendar Plugin Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Software Foundation, and Appointment Booking Calendar is one of the appointment calendar plugins. A cross-site scripting vulnerability exists in the cpabcappointmentsadminintbookingslist.inc.php script in...

4.3CVSS6.2AI score0.00225EPSS

Exploits2References1

CNVD•added 2015/10/09 12:0 a.m.•2 views

Web Reference Database and bleeding-edge cross-site scripting vulnerabilities

Web Reference Database a.k.a. refbase is a web-based multi-user interface product developed by the refbase community to provide search tools and automated indexing for the management of scientific literature. bleeding-edge is a downloadable version. A cross-site scripting vulnerability exists in...

4.3CVSS6.1AI score0.00909EPSS

Exploits0References1

CNVD•added 2015/10/08 12:0 a.m.•1 views

IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management Cross-Site Scripting Vulnerabilities

IBM Emptoris Supplier Lifecycle Management is a suite of supply chain lifecycle management programs from IBM in the United States. A cross-site scripting vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management allows remote attackers to inject arbitrary web...

4.3CVSS6.7AI score0.00236EPSS

Exploits0References1

CNVD•added 2015/10/03 12:0 a.m.•1 views

Open-Xchange Server and Open-Xchange AppSuite Front End Cross-Site Scripting Vulnerabilities

Open-Xchange Server is a semi-open source project mainly used for developing collaboration software; OX AppSuite is a set of Web cloud desktop environment. A cross-site scripting vulnerability exists in the dialogs for printing content in the Front End of Open-Xchange Server and OX AppSuite, whic...

4.3CVSS6.4AI score0.00359EPSS

Exploits0References1

CNVD•added 2015/10/03 12:0 a.m.•1 views

WordPress Gallery - Photo Albums - Portfolio plugin cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL.Gallery - Photo Albums - Portfolio is a combination plugin for creating photo galleries, photo albums and rotating video and audio. A cross-site scripting...

3.5CVSS6.2AI score0.00123EPSS

Exploits1References1

CNVD•added 2015/10/03 12:0 a.m.•1 views

Web Reference Database Cross-Site Scripting Vulnerability

Web Reference Database is a web-based multi-user interface product that provides search tools and automatic indexing for managing scientific literature. Multiple scripts in Web Reference Database fail to adequately filter multiple parameters, allowing remote attackers to exploit vulnerabilities t...

4.3CVSS7AI score0.00909EPSS

Exploits0References1

CNVD•added 2015/09/25 12:0 a.m.•1 views

Drupal CMS Updater Module Cross-Site Scripting Vulnerability

Drupal is a free and open source content management system developed in PHP.CMS Updater module for Drupal is a module for Drupal that provides security protection for Drupal websites. A cross-site scripting vulnerability in the Drupal CMS Updater module 7.x-1.3 prior to version 7.x-1.x allows...

4.3CVSS5.9AI score0.00263EPSS

Exploits0References1

CNVD•added 2015/09/22 12:0 a.m.•4 views

Cross-Site Scripting Vulnerability in Joomla!

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. login is one of the login module . A cross-site scripting vulnerability exists in the login module in Joomla! versions 3.4.4 and 3.4.x prior to Joomla! A remote attacker can exploit...

4.3CVSS6.1AI score0.00053EPSS

Exploits3References1

CNVD•added 2015/09/18 12:0 a.m.•3 views

Citrix NetScaler ADC/NetScaler Gateway Cross-Site Scripting Vulnerability

Citrix NetScaler ADCs are application delivery controllers that optimize enterprise service delivery.Citrix Access Gateway is a general purpose SSL VPN appliance. A cross-site scripting vulnerability exists in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway versions pri...

4.3CVSS6.1AI score0.00293EPSS

Exploits0References1

CNVD•added 2015/09/17 12:0 a.m.•2 views

Joomla! googleSearch (CSE) component cross-site scripting vulnerability

Joomla! is an open source content management system. googleSearch component for Joomla! is a custom search engine component for Joomla! A cross-site scripting vulnerability in googleSearch component 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the q paramet...

4.3CVSS6AI score0.00225EPSS

Exploits1References1

CNVD•added 2015/09/17 12:0 a.m.•3 views

WordPress sourceAFRICA plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's suite of blogging platforms developed in the PHP language, which supports personal blog sites on PHP and MySQL servers. sourceAFRICA is one of the plug-ins for the African Network of Centers for Investigative Reporting that allows journalists to...

4.3CVSS5.8AI score0.00306EPSS

Exploits1References1

CNVD•added 2015/09/10 12:0 a.m.•2 views

Microsoft Exchange Server Cross-Site Scripting Vulnerability (CNVD-2015-05967)

Microsoft Exchange Server is a suite of e-mail service components from Microsoft. A cross-site scripting vulnerability exists in Microsoft Exchange Server 2013 Cumulative Update 8/9/SP1, Outlook Web Access OWA, which can be exploited by remote attackers to inject arbitrary web script or HTML via ...

4.3CVSS5.8AI score0.06935EPSS

Exploits0References1

CNVD•added 2015/09/06 12:0 a.m.•1 views

MediaWiki SemanticForms Extended Cross-Site Scripting Vulnerability (CNVD-2015-05872 (CNVD-C-2015-47230))

MediaWiki is the United States Wikimedia Wikimedia Foundation and MediaWiki volunteers to develop and maintain a set of free and free Web-based Wiki engine , it can be used to deploy internal knowledge management and content management system . SemanticForms is one of the extensions used to creat...

4.3CVSS6.1AI score0.00475EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by