CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3221 matches found

Veracode•added 2017/11/17 9:52 a.m.•14 views

Cross-site Scripting (XSS)

October CMS is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize the brand logo image name, allowing a malicious user to inject and execute arbitrary Javascript...

6.1CVSS6AI score0.00396EPSS

Exploits0References2Affected Software1

Veracode•added 2017/10/31 5:12 a.m.•16 views

Elevation Of Privileges

Apache Cordova In-App-Browser is vulnerable to elevation of privileges through cross-site scripting XSS attacks. The callback identifiers are not correctly validated which allows attackers to execute arbitrary JavaScript within the host page. Using this flaw, the attackers can use a gab-iab to ga...

9.8CVSS8.7AI score0.11445EPSS

Exploits1References7Affected Software1

Prion•added 2017/10/27 1:29 p.m.•25 views

Cross site scripting

A Cross-Site-Scripting XSS vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter...

4.3CVSS6.5AI score0.00349EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2017/10/27 1:0 p.m.•10 views

CVE-2017-7733

7.1AI score0.00349EPSS

Exploits0References3

CNVD•added 2017/10/25 12:0 a.m.•1 views

IBM Daeja ViewONE Cross-Site Scripting Vulnerability

IBM Daeja ViewONE is a document viewer from IBM that supports TIFF, PDF and Office-based documents.IBM Daeja ViewONE Virtual, Daeja ViewONE Standard and Daeja ViewONE Professional are its different Daeja ViewONE Virtual, Daeja ViewONE Standard and Daeja ViewONE Professional are different versions...

5.4CVSS6.5AI score0.00184EPSS

Exploits0References1

Veracode•added 2017/10/19 10:13 p.m.•21 views

Cross-site Scripting (XSS)

mistune is vulnerable to cross-site scripting XSS attacks. These attacks can be conducted by inserting an unexpected newline or by using an email address to execute arbitrary Javascript...

6.1CVSS6AI score0.00116EPSS

Exploits1References1Affected Software1

CNVD•added 2017/10/09 12:0 a.m.•1 views

IBM Rational Engineering Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2017-33351)

IBM Rational Engineering Lifecycle Manager RELM is a suite of engineering lifecycle management software from IBM in the United States. A cross-site scripting vulnerability exists in IBM RELM. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

5.4CVSS5.5AI score0.00269EPSS

Exploits0References1

NVD•added 2017/10/03 1:29 a.m.•11 views

CVE-2017-9537

Persistent cross-site scripting XSS in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters...

4.8CVSS5AI score0.01302EPSS

Exploits2References2

Veracode•added 2017/09/29 12:33 a.m.•16 views

Cross-site Scripting (XSS)

Wordpress is vulnerable to cross-site scripting XSS attacks. A malicious user can pass a javascript: or data: URL to the link modal to inject and execute arbitrary Javascript...

6.1CVSS7.4AI score0.02645EPSS

Exploits0References5Affected Software2

CVE•added 2017/09/25 9:0 p.m.•64 views

CVE-2015-5181

The CVE-2015-5181 entry concerns Red Hat JBoss A-MQ/JBoss A-MQ Console. The issue is that the JBoss A-MQ console would accept a string containing JavaScript as the name of a new message queue, which leads to remote execution of JavaScript in the console UI. The vulnerability is described in Red H...

5.4CVSS7.8AI score0.00173EPSS

Exploits0References3Affected Software1

Veracode•added 2017/09/14 8:13 a.m.•6 views

Cross-Site Scripting (XSS)

drupal/core is vulnerable to cross-site scripting XSS attacks. The library does not properly encode the label field in the CKEditor, allowing the malicious user to inject and execute arbitrary javascript through it...

6.1AI score

Exploits0

WPVulnDB•added 2017/09/06 12:0 a.m.•19 views

Participants Database <= 1.7.5.9 - Cross-Site Scripting

Cross site scripting XSS vulnerability in the Wordpress Participants Database plugin 1.7.59 allows attackers to inject arbitrary javascript via the Name parameter. PoC curl -k -F action=signup -F subsource=participants-database -F shortcodepage=/?pageid=1 -F thankspage=/?pageid=1 -F instanceindex...

4.3CVSS2.9AI score0.0239EPSS

Exploits4References1Affected Software1

Veracode•added 2017/09/05 1:36 p.m.•12 views

Cross-site Scripting (XSS)

automattic/jetpack is vulnerable to cross-site scripting XSS attacks. The library doesn't properly escape the $header parameter in the modules/shortcodes/wufoo.php file, allowing a malicious user to inject and execute arbitrary JavaScript...

6.1AI score

Exploits0

OSV•added 2017/08/31 2:29 p.m.•1 views

CVE-2017-1444

IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110...

5.4CVSS5.4AI score

Exploits0References2

CVE•added 2017/08/30 5:0 p.m.•54 views

CVE-2016-6800

CVE-2016-6800 affects the Apache OFBiz blog feature: unsanitized input in the summary/article fields allows injection of arbitrary JavaScript, which is executed in users’ browsers visiting the article. Mitigation is to upgrade to Apache OFBiz 16.11.01. This vulnerability detail is supported by th...

6.1CVSS6.3AI score0.0129EPSS

Exploits0References2Affected Software1

CNVD•added 2017/08/30 12:0 a.m.•1 views

IBM Sametime Cross-Site Scripting Vulnerability (CNVD-2017-30589)

IBM Sametime is a suite of next-generation social communication tools from IBM in the United States. The tool helps users realize real-time business collaboration by integrating audio voice, data and video. A cross-site scripting vulnerability exists in IBM Sametime versions 8.5.2 and 9.0. A remo...

5.4CVSS5.4AI score0.00269EPSS

Exploits0References1

Prion•added 2017/08/29 1:35 a.m.•12 views

Cross site scripting

IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

3.5CVSS6.2AI score0.00198EPSS

Exploits0References2Affected Software1

NVD•added 2017/08/23 2:29 p.m.•14 views

CVE-2017-13138

DOM based Cross-site scripting XSS vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript...

6.1CVSS6.2AI score0.00581EPSS

Exploits1References3

Cvelist•added 2017/08/23 2:0 p.m.•14 views

CVE-2017-13138

DOM based Cross-site scripting XSS vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript...

6.2AI score0.00581EPSS

Exploits1References3

Prion•added 2017/08/18 6:29 p.m.•8 views

Cross site scripting

Stored Cross-site scripting XSS vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality...

3.5CVSS5.1AI score0.00158EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by