CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5210 matches found

WPVulnDB•added 2021/09/09 12:0 a.m.•18 views

Advance Search < 1.1.3 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the wpasid parameter found in the /inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.6AI score0.00866EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2021/09/09 12:0 a.m.•21 views

SMS OVH <= 0.1 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the /sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.7AI score0.00757EPSS

Exploits0References1Affected Software1

WPVulnDB•added 2021/09/09 12:0 a.m.•19 views

Simple Matted Thumbnails <= 1.01 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4AI score0.00866EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2021/09/09 12:0 a.m.•33 views

3D Cover Carousel <= 1.0 - Reflected Cross-Site Scripting

Description The plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the /cover-carousel.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS6.1AI score0.00866EPSS

Exploits1References1

WPVulnDB•added 2021/09/09 12:0 a.m.•20 views

OSD Subscribe <= 1.2.3 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the osdsubscribemessage parameter found in the /options/osdsubscribeoptionssubscribers.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.6AI score0.00866EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2021/09/09 12:0 a.m.•19 views

On Page SEO + Whatsapp Chat Button < 1.0.2 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /settings.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS3.9AI score0.00866EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2021/09/09 12:0 a.m.•13 views

Border Loading Bar <= 1.0.1 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the f and t parameter found in the /titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.8AI score0.00866EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2021/09/08 12:0 a.m.•21 views

Twitter Friends Widget <= 3.1 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the pmcTFuser and pmcTFpassword parameter found in the /twitter-friends-widget.php file which allows attackers to inject arbitrary web scripts...

4.3CVSS4.7AI score0.00866EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2021/09/08 12:0 a.m.•19 views

simpleSAMLphp Authentication <= 0.7.0 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.1AI score0.00939EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2021/09/08 12:0 a.m.•20 views

Konnichiwa! Membership <= 0.8.3 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the planid parameter in the /views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.7AI score0.00866EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2021/09/08 12:0 a.m.•21 views

RentPress <= 6.6.4 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the selections parameter found in the /src/rentPress/AjaxRequests.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.3AI score0.00908EPSS

Exploits1References1Affected Software1

Prion•added 2021/08/30 7:15 p.m.•15 views

Cross site scripting

The WordPress Real Media Library WordPress plugin is vulnerable to Stored Cross-Site Scripting via the name parameter in the /inc/overrides/lite/rest/Folder.php file which allows author-level attackers to inject arbitrary web scripts in folder names, in versions up to and including 4.14.1...

3.5CVSS5.2AI score0.0056EPSS

Exploits0References1Affected Software1

NVD•added 2021/08/30 6:15 p.m.•10 views

CVE-2020-18126

Multiple stored cross-site scripting XSS vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML...

5.4CVSS0.00503EPSS

Exploits1References1

Prion•added 2021/08/30 6:15 p.m.•10 views

Cross site scripting

Multiple stored cross-site scripting XSS vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML...

3.5CVSS5.5AI score0.00503EPSS

Exploits1References1Affected Software1

Cvelist•added 2021/08/30 4:4 p.m.•17 views

CVE-2020-18125

A reflected cross-site scripting XSS vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML...

6AI score0.00574EPSS

Exploits1References1

Cvelist•added 2021/08/30 4:4 p.m.•16 views

CVE-2020-18126

Multiple stored cross-site scripting XSS vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML...

5.5AI score0.00503EPSS

Exploits1References1

NVD•added 2021/08/26 3:15 a.m.•20 views

CVE-2020-19704

A stored cross-site scripting XSS vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML...

5.4CVSS0.00475EPSS

Exploits1References1

NVD•added 2021/08/26 3:15 a.m.•16 views

CVE-2020-19703

A cross-site scripting XSS vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS0.00677EPSS

Exploits1References1

OSV•added 2021/08/26 3:15 a.m.•18 views

CVE-2020-19703

A cross-site scripting XSS vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS5.7AI score

Exploits0References1

Prion•added 2021/08/26 3:15 a.m.•18 views

Cross site scripting

A cross-site scripting XSS vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.3CVSS5.9AI score0.00677EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by