CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3221 matches found

OSV•added 2017/08/18 3:29 p.m.•2 views

CVE-2017-1338

IBM DOORS Next Generation DNG/RRC 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

5.4CVSS5.4AI score0.00269EPSS

Exploits0References3

OSV•added 2017/08/10 3:29 p.m.•2 views

CVE-2017-1168

IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

5.4CVSS5.4AI score

Exploits0References3

NVD•added 2017/08/01 3:29 p.m.•7 views

CVE-2017-12062

An XSS issue was discovered in manageuserpage.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled...

6.1CVSS6.4AI score0.00741EPSS

Exploits1References5

Prion•added 2017/08/01 3:29 p.m.•14 views

Cross site scripting

4.3CVSS6.3AI score0.00741EPSS

Exploits1References5Affected Software1

Packet Storm•added 2017/07/24 12:0 a.m.•47 views

REDDOXX Appliance Cross Site Scripting

Advisory: Cross-Site Scripting in REDDOXX Appliance RedTeam Pentesting discovered a cross-site scripting XSS vulnerability in the REDDOXX appliance software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Details ======= Product: REDDOXX Appliance Affected Versions:...

0.2AI score

Exploits0

OSV•added 2017/07/12 5:29 p.m.•2 views

CVE-2016-8950

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 11883...

5.4CVSS5.4AI score0.00235EPSS

Exploits0References3

OSV•added 2017/07/05 5:29 p.m.•2 views

CVE-2017-1208

IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

5.4CVSS5.4AI score0.00269EPSS

Exploits0References3

OpenVAS•added 2017/07/03 12:0 a.m.•18 views

Elastic Kibana Cross Site Scripting Vulnerability (Jul 2017)

Elastic Kibana is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.1CVSS6AI score0.00265EPSS

Exploits0References1

Prion•added 2017/06/15 7:29 p.m.•14 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter...

4.3CVSS6.4AI score0.00188EPSS

Exploits0References1Affected Software1

NVD•added 2017/06/15 7:29 p.m.•10 views

CVE-2017-9419

Cross-site scripting XSS vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter...

6.1CVSS6.2AI score0.00188EPSS

Exploits0References1

OSV•added 2017/06/13 7:29 p.m.•2 views

CVE-2016-9973

IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209...

5.4CVSS5.4AI score

Exploits0References3

Prion•added 2017/06/06 4:29 p.m.•11 views

Cross site scripting

Cross site scripting XSS vulnerability in pages.editform.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATHINFO in an acp.php URL, due to use of unsanitized $SERVER'PHPSELF' to generate URLs...

4.3CVSS6.3AI score0.00217EPSS

Exploits0References2Affected Software1

NVD•added 2017/06/05 7:29 p.m.•6 views

CVE-2017-9420

Cross site scripting XSS vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter...

6.1CVSS6.2AI score0.0041EPSS

Exploits0References3

Cvelist•added 2017/06/05 7:0 p.m.•13 views

CVE-2017-9420

Cross site scripting XSS vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter...

6.2AI score0.0041EPSS

Exploits0References3

Exploit DB•added 2017/05/25 12:0 a.m.•35 views

Apple WebKit / Safari 10.0.3(12602.4.8) - 'Editor::Command::execute' Universal Cross-Site Scripting

7.4AI score

Exploits0

Prion•added 2017/05/22 8:29 p.m.•14 views

Cross site scripting

IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732...

3.5CVSS5.2AI score0.00258EPSS

Exploits0References2Affected Software1

Veracode•added 2017/05/09 2:55 a.m.•21 views

Cross-Site Scripting (XSS)

atlas-dashboardv2 is vulnerable to cross-site scripting XSS attacks. The library does not sanitize the user input in the edit-tag function, allowing a malicious user to inject and execute arbitrary javascript...

6.1CVSS5.9AI score0.01019EPSS

Exploits0References5Affected Software1

Veracode•added 2017/05/09 2:29 a.m.•21 views

Cross-Site Scripting (XSS)

atlas-dashboardv2 is vulnerable to reflected cross-site scripting XSS attacks. The search function does not sanitize the search queries that are passed to the application, allowing a malicious user to inject and execute arbitrary javascript...

6.1CVSS6AI score0.0144EPSS

Exploits0References3Affected Software1

Veracode•added 2017/05/09 1:53 a.m.•15 views

Cross Frame Scripting

atlas-dashboardv2 is vulnerable to cross frame scripting. The library allows the use of external frames on the index page, allowing a malicious user to inject and execute arbitrary javascript via an iframe...

6.1CVSS6.4AI score0.01943EPSS

Exploits0References3Affected Software1

Japan Vulnerability Notes•added 2017/05/09 12:0 a.m.•52 views

JVN#87760109: Nessus vulnerable to cross-site scripting

Nessus provided by Tenable Network Security, Inc. contains a stored cross-site scripting vulnerability CVE-2017-2122. An authenticated user may store crafted contents to Nessus. According to the developer, another stored cross-site scripting vulnerability CVE-2017-5179 was found and fixed in Ness...

5.4CVSS5.2AI score0.00366EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by