
3301 matches found

Prion
added 2021/08/20 5:15 p.m. | 16 views

Cross site scripting

Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field...

CVSS 4.3 | AI score 6.4 | EPSS 0.00662
Exploits: 1 | References: 1 | Affected Software: 1
Prion
added 2021/08/20 5:15 p.m. | 17 views

Cross site scripting

Cross-site scripting in parentcontrol.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field...

CVSS 4.3 | AI score 6.4 | EPSS 0.29161
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2021/08/20 4:48 p.m. | 20 views

CVE-2021-34223

Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field...

AI score 6.6 | EPSS 0.00662
Exploits: 1 | References: 1
Cvelist
added 2021/08/20 4:44 p.m. | 15 views

CVE-2021-34215

Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 Important Update, new UI allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field...

AI score 6.6 | EPSS 0.00662
Exploits: 1 | References: 1
CNNVD
added 2021/08/20 12:0 a.m. | 2 views

rConfig Cross-Site Scripting Vulnerability

rConfig is an open source network configuration management utility. rConfig version 3.9.5 contains a cross-site scripting vulnerability that can be exploited by remote attackers to execute arbitrary JavaScript code by entering a specific payload and saving it...

CVSS 5.4 | AI score 5.7 | EPSS 0.02006
Exploits: 1 | References: 1
CNNVD
added 2021/08/20 12:0 a.m. | 3 views

TotoLink A3002RU Cross-Site Scripting Vulnerability

TOTOLINK A3002RU is a wireless router product from Taiwan-based TOTOLINK Corporation. tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 contains a security vulnerability that allows attackers to exploit it by modifying the "username" field or "password" field to execute arbitrary...

CVSS 6.1 | AI score 6 | EPSS 0.00662
Exploits: 1 | References: 2
NVD
added 2021/08/18 1:15 a.m. | 16 views

CVE-2021-39268

Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the clean_file_output protection mechanism can be bypassed...

CVSS 6.1 | EPSS 0.01372
Exploits: 1 | References: 3
OSV
added 2021/08/18 1:15 a.m. | 10 views

CVE-2021-39268

Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the clean_file_output protection mechanism can be bypassed...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 3
Prion
added 2021/08/18 1:15 a.m. | 14 views

Cross site scripting

Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the clean_file_output protection mechanism can be bypassed...

CVSS 4.3 | AI score 5.9 | EPSS 0.01372
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2021/08/18 12:29 a.m. | 52 views

CVE-2021-39268

CVE-2021-39268 : Persistent XSS in SuiteCRM web interface prior to 7.11.19. An attacker can inject arbitrary JavaScript via malicious SVG files because the clean_file_output protection can be bypassed. Impact is remote code execution of JavaScript with LOW integrity impact and no confidentiality/...

CVSS 6.1 | AI score 5.8 | EPSS 0.01372
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2021/08/18 12:29 a.m. | 15 views

CVE-2021-39268

Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the clean_file_output protection mechanism can be bypassed...

AI score 6.1 | EPSS 0.01372
Exploits: 1 | References: 3
CNVD
added 2021/08/17 12:0 a.m. | 14 views

TastyIgniter Cross-Site Scripting Vulnerability

TastyIgniter is a free open source restaurant online ordering system based on Laravel PHP Framework. A cross-site scripting vulnerability exists in TastyIgniter 3.0.7, which originates from the lack of validation of user-submitted data in the /account, /reservation, /admin/dashboard, and...

CVSS 5.4 | AI score 5.5 | EPSS 0.07977
Exploits: 5 | References: 1
OSV
added 2021/08/13 3:21 p.m. | 22 views

GHSA-PHWJ-86VX-CFJC Cross-site scripting in Apache Jena Fuseki

A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary JavaScript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 inclusive...

CVSS 6.1 | AI score 6.4 | EPSS 0.02881
Exploits: 0 | References: 2
Veracode
added 2021/07/29 3:59 a.m. | 8 views

Cross-site Scripting (XSS)

curly-bracket-parser is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary JavaScript in a user's browser when used as a template library due to lack of user input sanitization...

CVSS 6.1 | AI score 6.8 | EPSS 0.00793
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2021/07/25 9:15 p.m. | 7 views

CVE-2021-37470

In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript...

CVSS 5.4 | EPSS 0.00585
Exploits: 1 | References: 2
CVE
added 2021/07/25 8:8 p.m. | 64 views

CVE-2021-37470

CVE-2021-37470 : In NCH WebDictate v2.13, a persistent Cross-Site Scripting (XSS) flaw exists in the Recipient Name field. An authenticated user can modify this field to inject arbitrary JavaScript, enabling script execution associated with the user’s session. Documented references confirm the vu...

CVSS 5.4 | AI score 5.2 | EPSS 0.00585
Exploits: 1 | References: 2 | Affected Software: 1
Veracode
added 2021/07/21 6:43 a.m. | 17 views

Cross-Site Scripting (XSS)

typo3/cms is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser via backend layouts...

CVSS 6.4 | AI score 3.7 | EPSS 0.00603
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2021/07/20 7:15 a.m. | 1 views

CVE-2021-35054

Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files...

CVSS 7.5 | AI score 6.7 | EPSS 0.0143
Exploits: 0 | References: 3
CNNVD
added 2021/07/20 12:0 a.m. | 5 views

Atlassian JIRA Server Cross-Site Scripting Vulnerability

Atlassian JIRA Server is the server version of a defect tracking management system from Atlassian Australia. The system is mainly used for tracking and managing various types of issues and defects in work. A cross-site scripting vulnerability exists in Atlassian Jira Server, which can be exploite...

CVSS 5.4 | AI score 5.4 | EPSS 0.00735
Exploits: 0 | References: 1
CNVD
added 2021/07/19 12:0 a.m. | 18 views

Advantech R-SeeNet Cross-Site Scripting Vulnerability (CNVD-2021-57184)

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. A cross-site scripting vulnerability exists in the devicegraphpage.php script function of...

CVSS 9.6 | AI score 3.6 | EPSS 0.07902
Exploits: 1 | References: 1