CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3237 matches found

Packet Storm•added 2022/07/29 12:0 a.m.•302 views

Transposh WordPress Translation 1.0.7 Cross Site Scripting

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Cross-Site Scripting CWE-79 Date found: 2021-08-19 Date published:...

5.7AI score0.16923EPSS

Exploits7

Veracode•added 2022/07/28 5:2 a.m.•23 views

Cross-Site Scripting (XSS)

shopware/shopware is vulnerable to persistent cross-site scripting. The vulnerability exists in renderer function in preview.js because the email field is not properly escaped which allows an attacker to inject and execute arbitrary javascript...

5.4CVSS5.7AI score0.00687EPSS

Exploits0References5Affected Software1

Veracode•added 2022/07/23 9:31 a.m.•48 views

Cross-Site Scripting (XSS)

Best Practical Request Tracker is vulnerable to cross-site scripting. The vulnerability exists via a crafted content type for an attachment which allows an attacker to inject and execute arbitrary javascript...

6.1CVSS6.2AI score0.0106EPSS

Exploits0References4Affected Software2

Prion•added 2022/07/18 6:15 p.m.•8 views

Cross site scripting

IBM Engineering Requirements Quality Assistant On-Premises All versions is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

4.9CVSS5.5AI score0.00235EPSS

Exploits0References2

OSV•added 2022/07/14 5:15 p.m.•3 views

CVE-2021-39015

IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4CVSS5.1AI score

Exploits0References2

Tenable Nessus•added 2022/07/11 12:0 a.m.•31 views

GitLab 14.4 < 14.10.5 / 15.0 < 15.0.4 / 15.1 < 15.1.1 (CVE-2022-2230)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an...

8.1CVSS6.8AI score0.01759EPSS

Exploits0References4

Prion•added 2022/07/08 6:15 p.m.•10 views

Cross site scripting

IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

3.5CVSS5.2AI score0.00215EPSS

Exploits0References2Affected Software1

OSV•added 2022/07/08 5:15 p.m.•2 views

CVE-2022-34167

IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

5.4CVSS5.5AI score

Exploits0References3

OSV•added 2022/07/06 2:15 p.m.•20 views

CVE-2022-23713

A cross-site-scripting XSS vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser...

6.1CVSS6.2AI score

Exploits0References2

Prion•added 2022/07/06 2:15 p.m.•26 views

Cross site scripting

A cross-site-scripting XSS vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser...

4.3CVSS6.1AI score0.00789EPSS

Exploits0References2Affected Software1

CVE•added 2022/07/06 1:56 p.m.•101 views

CVE-2022-23713

CVE-2022-23713 corresponds to a cross-site scripting (XSS) flaw in Vega Charts Kibana integration. Multiple sources (NVD entry, CNVD, Nessus findings, and Elastic security notes) confirm the affected component as Kibana’s Vega Charts integration and describe the impact as arbitrary JavaScript exe...

6.1CVSS6AI score0.00789EPSS

Exploits0References2Affected Software1

CNNVD•added 2022/07/06 12:0 a.m.•3 views

Vega 跨站脚本漏洞

Vega is a Javscript-based software from the Vega team that can be used to create interactive visual displays. The software can use JSON format to describe the data visualization and use HTML5 Canvas or SVG to generate interactive views. A cross-site scripting vulnerability exists in Vega Charts...

6.1CVSS5.7AI score0.00789EPSS

Exploits0References3

ATTACKERKB•added 2022/07/01 4:15 p.m.•1 views

CVE-2022-2230

A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf...

8.1CVSS7AI score0.01759EPSS

Exploits0References4Affected Software1

OSV•added 2022/07/01 4:15 p.m.•0 views

UBUNTU-CVE-2022-2230

8.1CVSS6.1AI score0.01759EPSS

Exploits0References5

CNNVD•added 2022/07/01 12:0 a.m.•1 views

GitLab 跨站脚本漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A cross-site scripting vulnerability exists in GitLab that originates from...

8.1CVSS6.7AI score0.01759EPSS

Exploits0References6

Veracode•added 2022/06/30 9:54 p.m.•21 views

Cross-site Scripting (XSS)

firefox is vulnerable to cross-site scripting attacks. The vulnerability exists because a victim could be tricked into accepting malformed ASN.1 which allows an attacker to inject and execute arbitrary javascript...

9.8CVSS8.5AI score0.00571EPSS

Exploits0References3Affected Software3

Veracode•added 2022/06/30 9:53 p.m.•26 views

Cross-Site Scripting (XSS)

firefox is vulnerable to cross-site scripting. The vulnerability exists because the user input of SVG tags that referenced a same-origin document is not properly sanitized which allows an attacker to inject and execute arbitrary javascript...

6.1CVSS7.8AI score0.00679EPSS

Exploits0References4Affected Software3

CNNVD•added 2022/06/30 12:0 a.m.•3 views

Ember.js 跨站脚本漏洞

Tilde Ember.js is an open source web application framework for JavaScript from Tilde, Inc. in the United States. A security vulnerability exists in Ember.js. An attacker can exploit this vulnerability to execute arbitrary JavaScrip scripts...

6.1CVSS6.7AI score0.00336EPSS

Exploits0References4

Veracode•added 2022/06/27 9:59 a.m.•18 views

Cross-site Scripting (XSS)

com.jfinal:jfinal is vulnerable to cross-site scriptingXSS attacks. A remote attacker is able to inject and execute arbitrary javascript via a crafted payload injected into the keyword text field under the publish blog module...

5.4CVSS5.8AI score0.00191EPSS

Exploits1References2Affected Software1

Snyk•added 2022/06/25 12:0 a.m.•1 views

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the filedownload.php process. An attacker can execute arbitrary JavaScript code by attaching and triggering malicious SVG documents. Details Cross-site scripting or...

5.4CVSS5.5AI score0.00251EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by