CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1122188 matches found

Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting

A cross-site scripting vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. id: CVE-2014-2908 info: name: Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting author:...

4.3CVSS5.8AI score0.6804EPSS

Exploits3References5

Nuclei•added 11 hours ago•50 views

Cisco ASA/FTD Software - Cross-Site Scripting

Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software are vulnerable to cross-site scripting and could allow an unauthenticated, remote attacker to conduct attacks against a user of the web services interface of an affected device. The vulnerabilities are...

6.1CVSS7.1AI score0.93315EPSS

Exploits2

Nuclei•added 11 hours ago•21 views

WordPress Ultimate FAQ <1.8.30 - Cross-Site Scripting

WordPress Ultimate FAQ plugin before 1.8.30 is susceptible to cross-site scripting via DisplayFAQ to Shortcodes/DisplayFAQs.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.3AI score0.04723EPSS

Exploits1References5

Nuclei•added 11 hours ago•20 views

WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting

WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter a search query. Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean...

6.1CVSS6.2AI score0.04584EPSS

Exploits2References5

Nuclei•added 11 hours ago•154 views

SPIP <3.1.2 - Cross-Site Scripting

SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in validerxml.php which allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action. id: CVE-2016-7981 info: name: SPIP 3.1.2 - Cross-Site Scripting author: pikpikcu severity:...

6.1CVSS6.7AI score0.43499EPSS

Exploits2References5

Nuclei•added 11 hours ago•16 views

Jeesns 1.4.2 - Cross-Site Scripting

Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /weibo/topic component and allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. id: CVE-2020-19295 info: name: Jeesns 1.4.2 - Cross-Site Scripting author:...

6.1CVSS6.5AI score0.08789EPSS

Exploits1References4

Nuclei•added 11 hours ago•18 views

Erxes <0.23.0 - Cross-Site Scripting

Erxes before 0.23.0 contains a cross-site scripting vulnerability. The value of topicID parameter is not escaped and is triggered in the enclosing script tag. id: CVE-2021-32853 info: name: Erxes 0.23.0 - Cross-Site Scripting author: dwisiswant0 severity: critical description: Erxes before 0.23.0...

9.6CVSS6.7AI score0.84524EPSS

Exploits1References4

Nuclei•added 11 hours ago•17 views

McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting

McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request. id: CVE-2017-4011 info: name: McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting...

6.1CVSS6.3AI score0.1089EPSS

Exploits0References5

Nuclei•added 11 hours ago•12 views

KMCIS CaseAware - Cross-Site Scripting

KMCIS CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. id: CVE-2017-5631 info: name: KMCIS CaseAware - Cross-Site Scripting author: edoardottt severity: medium description: KMCIS CaseAware contains a reflected...

6.1CVSS6.2AI score0.2527EPSS

Exploits5References5

Nuclei•added 11 hours ago•15 views

WordPress WHIZZ <=1.0.7 - Cross-Site Scripting

WordPress plugin WHIZZ 1.07 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.5AI score0.05754EPSS

Exploits2References4

Nuclei•added 11 hours ago•26 views

WordPress Qards - Cross-Site Scripting

WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php. id: CVE-2017-18598 info: name: WordPress Qards - Cross-Site Scripting author: pussycat0x severity: medium description: WordPress Qards...

6.1CVSS6.3AI score0.00367EPSS

Exploits2References5

Nuclei•added 11 hours ago•23 views

WordPress Pie-Register <2.0.19 - Cross-Site Scripting

WordPress Pie Register before 2.0.19 contains a reflected cross-site scripting vulnerability in pie-register/pie-register.php which allows remote attackers to inject arbitrary web script or HTML via the invitaioncode parameter in a pie-register page to the default URL. id: CVE-2015-7377 info: nam...

4.3CVSS5.8AI score0.05825EPSS

Exploits3References5

Nuclei•added 11 hours ago•19 views

WordPress anti-plagiarism <=3.60 - Cross-Site Scripting

WordPress anti-plagiarism 3.6.0 and prior are vulnerable to reflected cross-site scripting. id: CVE-2016-1000128 info: name: WordPress anti-plagiarism 3.60 or apply the latest security patches provided by the vendor. reference: - http://www.vapidlabs.com/wp/wpadvisory.php?v=161 -...

6.1CVSS6AI score0.02927EPSS

Exploits2References3

Nuclei•added 11 hours ago•10 views

WordPress Photoxhibit 2.1.8 - Cross-Site Scripting

WordPress Photoxhibit 2.1.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials an...

6.1CVSS6.5AI score0.06584EPSS

Exploits1References5

Nuclei•added 11 hours ago•21 views

Jorani Leave Management System 0.6.5 - Cross-Site Scripting

Persistent cross-site scripting XSS issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language. id: CVE-2018-15917 info: name: Jorani Leave Management System 0.6.5 - Cross-Site Scripting author: ritikchaddha severity: medium...

5.4CVSS6.1AI score0.00609EPSS

Exploits5References4

Nuclei•added 11 hours ago•45 views

Clansphere CMS 2011.4 - Cross-Site Scripting

Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via the "module" parameter. id: CVE-2021-27309 info: name: Clansphere CMS 2011.4 - Cross-Site Scripting author: edoardottt severity: medium description: | Clansphere CMS 2011.4 contains an unauthenticat...

6.1CVSS6.2AI score0.00887EPSS

Exploits1References4

Nuclei•added 11 hours ago•25 views

WordPress Pro Real Estate 7 Theme <3.1.1 - Cross-Site Scripting

WordPress Pro Real Estate 7 theme before 3.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the ctcommunity parameter in its search listing page before outputting it back. id: CVE-2021-24387 info: name: WordPress Pro Real Estate 7 Theme 3.1.1 - Cross-Site...

6.1CVSS6.2AI score0.42031EPSS

Exploits2References5

Nuclei•added 11 hours ago•16 views

WordPress Under Construction <1.19 - Cross-Site Scripting

WordPress Under Construction plugin before 1.19 contains a cross-site scripting vulnerability. The plugin echoes out the raw value of $GLOBALS'PHPSELF' in the ucOptions.php file on certain configurations, including Apache+modPHP. id: CVE-2021-39320 info: name: WordPress Under Construction 1.19 -...

6.1CVSS6.2AI score0.19664EPSS

Exploits1References5

Nuclei•added 11 hours ago•22 views

Nagios XI < 5.8.6 - Cross-Site Scripting

In Nagios XI before 5.8.6, XSS exists in the dashboard page /dashboards/ when administrative users attempt to edit a dashboard. id: CVE-2021-38156 info: name: Nagios XI 5.8.6 - Cross-Site Scripting author: ritikchaddha severity: medium description: | In Nagios XI before 5.8.6, XSS exists in the...

5.4CVSS6AI score0.84015EPSS

Exploits1References2

Nuclei•added 11 hours ago•21 views

Sidekiq <=6.2.0 - Cross-Site Scripting

Sidekiq through 5.1.3 and 6.x through 6.2.0 contains a cross-site scripting vulnerability via the queue name of the live-poll feature when Internet Explorer is used. id: CVE-2021-30151 info: name: Sidekiq =6.2.0 - Cross-Site Scripting author: DhiyaneshDk severity: medium description: Sidekiq...

6.1CVSS6.2AI score0.139EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by