3296 matches found
Cross-Site Scripting
Overview: Versions of keystone prior to 4.0.0 are vulnerable to Cross-Site Scripting (XSS). The package fails to properly encode rendered HTML on admin-created blog posts. This allows attackers to execute arbitrary JavaScript in the victim's browser. Exploiting this vulnerability requires having...
Cross-site Scripting (XSS)
jenkins-plugin-lockable-resources is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary JavaScript into a victim's browser via resource names...
CVE-2019-9673
Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI...
Cross site scripting
A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed an attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages...
CVE-2019-10325
A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed an attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages...
Cross-Site Scripting in bootbox
All versions of bootbox are vulnerable to Cross-Site Scripting. The package does not sanitize user input in the provided dialog boxes, allowing attackers to inject HTML code and execute arbitrary JavaScript. Recommendation: Sanitize user input being passed to bootbox or consider using an alternativ...
Cross-Site Scripting (XSS)
Apache JSPWiki is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via a malicious attachment via the AttachmentTab to steal session tokens or perform unwanted actions on behalf of the user...
Cross-Site Scripting (XSS)
Apache JSPWiki is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary JavaScript into a victim's browser via a malicious InterWiki link to steal session tokens or perform unwanted actions on behalf of the user...
Cross-Site Scripting (XSS)
Apache JSPWiki is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the ReferredPagesPlugin and navigation breadcrumbs, to steal session tokens or perform unwanted actions on behalf of the user...
Cross-Site Scripting (XSS)
foreman is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript in a victim's browser by creating a malicious entity that executes upon the display of the success notification...
Cross-site Scripting (XSS)
mermaid is vulnerable to Cross-Site Scripting. Due to improper output encoding, a malicious input such as A"" can be provided to the application, allowing a remote attacker to execute arbitrary JavaScript on the victim's browser...
Cross-Site Scripting (XSS)
getkirby/kirby is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the Title of the "Site options" in the admin panel dashboard dropdown...
Cross-Site Scripting (XSS)
angular-froala is vulnerable to cross-site scripting (XSS). The ngModel.$isEmpty function allows a remote attacker to inject arbitrary JavaScript into a victim's browser since it bypasses the native froala security cleaning method by executing the content of value with the jQuery function...
Cross-Site Scripting (XSS)
getkirby/kirby is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the title of a new page...
CVE-2019-1568
Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML...
Cross-Site Scripting (XSS)
Red Hat Satellite 5 is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to pass malicious input via the parameters in admin/BunchDetail.do and software/packages/NameOverview.do with the intention of executing arbitrary JavaScript code on the victim's browser...