CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4572 matches found

OSV•added 2016/04/07 9:59 p.m.•0 views

UBUNTU-CVE-2016-2511

Cross-site scripting XSS vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php...

6.1CVSS6.9AI score0.00544EPSS

Exploits4References3

CNVD•added 2016/04/07 12:0 a.m.•2 views

Menubook plugin cross-site scripting vulnerability

Menubook plugin for baserCMS is a menu list plugin for baserCMS. A cross-site scripting vulnerability in Menubook plugin for baserCMS before 0.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6AI score0.00322EPSS

Exploits0References1

CNVD•added 2016/04/01 12:0 a.m.•1 views

Huawei Agile Controller-Campus Cross-Site Scripting Vulnerability

Huawei Agile Controller-Campus is a multi-service converged, open and compatible controller product from Huawei, China. A cross-site scripting vulnerability exists in the portal authentication page of Huawei Agile Controller-Campus version V100R001C00SPC315, which can be exploited by a remote...

6.1CVSS6.3AI score0.00114EPSS

Exploits0References1

RedHat Linux•added 2016/03/22 4:49 p.m.•0 views

jenkins: API tokens of other users available to admins (SECURITY-200)

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user...

6.5CVSS7.4AI score0.00165EPSS

Exploits0References5

OSV•added 2016/03/03 3:59 p.m.•1 views

CVE-2016-1355

Cross-site scripting XSS vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687...

6.1CVSS5.9AI score

Exploits0References2

OSV•added 2016/03/03 3:59 p.m.•3 views

CVE-2016-1354

Cross-site scripting XSS vulnerability in Cisco Unified Communications Domain Manager UCDM 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176...

6.1CVSS5.9AI score0.0025EPSS

Exploits0References1

Vulnrichment•added 2016/03/02 11:0 a.m.•3 views

CVE-2016-2279

Cross-site scripting XSS vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.5AI score0.00546EPSS

Exploits5References3

OSV•added 2016/03/01 11:59 a.m.•10 views

CVE-2016-2560

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted Host HTTP header, related to libraries/Config.class.php; 2 crafted JSON data, relat...

6.1CVSS6.4AI score

Exploits0References11

OSV•added 2016/02/29 11:59 a.m.•1 views

CVE-2016-0244

Cross-site scripting XSS vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a differe...

6.1CVSS5.9AI score0.00193EPSS

Exploits0References2

ATTACKERKB•added 2016/02/29 11:59 a.m.•1 views

CVE-2016-0244

6.1CVSS6.7AI score0.00256EPSS

Exploits0References3

CNVD•added 2016/02/23 12:0 a.m.•2 views

Sophos UTM Nessus Web UI Cross-Site Scripting Vulnerability

Sophos UTM is a unified threat management appliance. which provides gateway security and endpoint security. The appliance provides gateway security protection and endpoint security protection.Nessus Web UI is one of the components used to access the Nessus Vulnerability Scanner based on a web...

6.1CVSS5.9AI score0.01002EPSS

Exploits2References1

CNVD•added 2016/02/23 12:0 a.m.•1 views

Cybozu Office Cross-Site Scripting Vulnerability (CNVD-2016-01249)

Cybozu Office is a WEB-based cross-platform office solution developed by Cybozu Japan. A cross-site scripting vulnerability in Cybozu Office versions 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6AI score0.00515EPSS

Exploits0References1

CNVD•added 2016/02/23 12:0 a.m.•2 views

Cybozu Office Cross-Site Scripting Vulnerability (CNVD-2016-01247)

6.1CVSS6AI score0.00515EPSS

Exploits0References1

CNVD•added 2016/02/18 12:0 a.m.•2 views

SAP NetWeaver Cross-Site Scripting Vulnerability (CNVD-2016-01150)

SAP NetWeaver is SAP SAP company's set of service-oriented integrated application platform. A cross-site scripting vulnerability exists in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver version 7.4. A remote attacker can exploit this vulnerability to inject arbitrary web script or HT...

6.1CVSS6.1AI score0.00226EPSS

Exploits1References1

OSV•added 2016/02/17 2:59 a.m.•1 views

CVE-2016-1150

Cross-site scripting XSS vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149...

6.1CVSS5.9AI score0.00515EPSS

Exploits0References6

OSV•added 2016/02/17 2:59 a.m.•3 views

CVE-2016-1149

6.1CVSS5.9AI score

Exploits0References6

CNVD•added 2016/02/17 12:0 a.m.•1 views

Apache Solr webapp/web/js/scripts/schema-browser.js cross-site scripting vulnerability

Apache Solr is an enterprise-ready, Lucene-based search server. A cross-site scripting vulnerability exists in webapp/web/js/scripts/schema-browser.js in the Admin UI of Apache Solr versions prior to 5.3. A remote attacker can inject arbitrary web script or HTML via a constructed schema-browse UR...

6.1CVSS5.9AI score0.02552EPSS

Exploits0References1

OSV•added 2016/02/16 2:59 a.m.•1 views

DEBIAN-CVE-2015-7579

Cross-site scripting XSS vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class...

6.1CVSS6.1AI score0.00166EPSS

Exploits1References1

OSV•added 2016/02/16 2:59 a.m.•0 views

UBUNTU-CVE-2015-7578

Cross-site scripting XSS vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes...

6.1CVSS6.8AI score0.00166EPSS

Exploits0References3

CNVD•added 2016/02/08 12:0 a.m.•2 views

Sauter moduWeb Vision Web Server Cross-Site Scripting Vulnerability

Sauter moduWeb Vision is an embedded web-based SCADA system for HVAC. A cross-site scripting vulnerability exists in the web server of Sauter modoWeb Vision, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain access to...

6.5CVSS6.2AI score0.00182EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by