CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

EUVD•added 2026/03/24 12:30 p.m.•4 views

EUVD-2019-20018

Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, an...

8.8CVSS6.3AI score0.00044EPSS

Exploits0References4

Prion•added 2018/09/21 5:29 p.m.•12 views

Design/Logic Flaw

Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI...

4.3CVSS5.9AI score0.02674EPSS

Exploits6References1Affected Software1

CVE•added 2018/09/21 5:0 p.m.•69 views

CVE-2018-16833

CVE-2018-16833 affects Zoho ManageEngine Desktop Central 10.0.271. The vulnerability is a reflected cross‑site scripting (XSS) flaw triggered by input in the "Features & Articles" search field that targets the /advsearch.do?SUBREQUEST=XMLHTTP URI. Connected sources corroborate the impact as arbit...

6.1CVSS5.8AI score0.02674EPSS

Exploits6References1Affected Software1

Cvelist•added 2017/09/11 8:0 p.m.•12 views

CVE-2015-8349

Cross-site scripting XSS vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php...

6.1AI score0.09843EPSS

Exploits1References2

CVE•added 2017/09/11 8:0 p.m.•68 views

CVE-2015-8349

SourceBans before 2.0 pre-alpha is affected by CVE-2015-8349, a Cross-Site Scripting (XSS) vulnerability in the advSearch parameter of index.php. The root cause is insufficient filtration/validation of input data, allowing remote attackers to inject arbitrary web script or HTML. Exploitation cont...

6.1CVSS6AI score0.09843EPSS

Exploits1References2Affected Software1

CNVD•added 2015/10/03 12:0 a.m.•1 views

SourceBans Reflective Cross-Site Scripting Vulnerability

SourceBans is an advanced management system for the Source engine a 3D game engine from the Sourcebans team. The system supports system administrators to set administrative privileges for all users on the server and to terminate games on the server side over the network. A reflective cross-site...

6.1CVSS6.2AI score0.09843EPSS

Exploits1References1

Openbugbounty•added 2015/06/22 11:49 p.m.•10 views

yourbritain.com XSS vulnerability

Vulnerable URL: http://www.yourbritain.com/advsearch.php?propregion=====alert'XSSPOSED';...

6.9AI score

Exploits0

Positive Technologies•added 2007/01/13 12:0 a.m.•1 views

PT-2007-1209 · Rapid · Rapid Classified

Name of the Vulnerable Software and Affected Versions: Rapid Classified version 3.1 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting XSS attacks. This can be achieved through various parameters in different scripts,...

6.8CVSS6AI score0.0586EPSS

Exploits1References12

Cvelist•added 1999/09/29 4:0 a.m.•20 views

CVE-1999-0449

The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service CPU consumption via a direct request to the 1 advsearch.asp, 2 query.asp, or 3 search.asp scripts...

6.4AI score0.36242EPSS

Exploits0References4

NVD•added 1999/01/26 5:0 a.m.•16 views

CVE-1999-0449

The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service CPU consumption via a direct request to the 1 advsearch.asp, 2 query.asp, or 3 search.asp scripts...

7.8CVSS6.5AI score0.36242EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by