CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3296 matches found

Veracode•added 2018/05/03 2:58 a.m.•8 views

Cross-site Scripting (XSS)

textAngular is vulnerable to cross-site scripting XSS attacks. The application does not properly sanitize the Text Editor, allowing a malicious user to inject and execute arbitrary Javascript...

6.1AI score

Exploits0

Github Security Blog•added 2018/04/25 2:30 p.m.•22 views

Cross-Site Scripting in @risingstack/protect

All versions of @risingstack/protect are vulnerable to Cross-Site Scripting. The isXss XSS validator has several bypasses that may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation No fix is currently available. Consider using an alternative package. The packag...

6.1CVSS5.2AI score0.01327EPSS

Exploits1References7Affected Software1

Cvelist•added 2018/04/24 3:0 p.m.•19 views

CVE-2018-7932

Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the sma...

8.7AI score0.00421EPSS

Exploits0References1

Huawei•added 2018/04/23 12:0 a.m.•42 views

Security Advisory - Two Vulnerabilities in APPGallery of Huawei Smart Phones

There is a whitelist mechanism bypass vulnerability and an arbitrary Javascript running vulnerability in Huawei AppGallery. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious...

8.8CVSS5.5AI score0.00666EPSS

Exploits0Affected Software1

Japan Vulnerability Notes•added 2018/04/12 5:33 a.m.•2 views

Tenable Appliance vulnerable to cross-site scripting

Overview Tenable Appliance provided by Tenable, Inc. contains a stored cross-site scripting vulnerability CWE-79. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

5.4CVSS5.8AI score0.00521EPSS

Exploits0References5

0day.today•added 2018/04/11 12:0 a.m.•42 views

Wordpress Activity Log 2.4.0 Plugin - Stored Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title : Activity Log Wordpress Plugin Stored Cross Site Scripting XSS Exploit Author : Stefan Broeder Vendor Homepage: https://pojo.me Software Link: https://wordpress.org/plugins/aryo-activity-log/ Version: 2.4.0 CVE : CVE-2018-8729...

4.3CVSS0.0563EPSS

Exploits7

Symantec•added 2018/04/10 8:0 a.m.•50 views

SA162: Multiple ASG and ProxySG Vulnerabilities

SUMMARY The Symantec ASG and ProxySG management consoles are susceptible to several vulnerabilities. A remote attacker, with access to the management console, can cause denial of service through management console application crashes. A malicious appliance administrator can also inject arbitrary...

6CVSS1.4AI score0.0523EPSS

Exploits2Affected Software2

Prion•added 2018/04/04 7:29 p.m.•15 views

Cross site scripting

Cross-site scripting XSS vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...

3.5CVSS5.4AI score0.02009EPSS

Exploits5References1Affected Software1

CNVD•added 2018/03/21 12:0 a.m.•1 views

enhavo cross-site scripting vulnerability

enhavo is a set of open source CMS written in PHP based on the Symfony framework content management system. A cross-site scripting vulnerability exists in enhavo version 0.4.0. A remote attacker can exploit this vulnerability to inject and execute arbitrary types of JavaScript code...

4.8CVSS6.7AI score0.00637EPSS

Exploits0References1

Prion•added 2018/03/15 5:29 p.m.•14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped...

4.3CVSS6AI score0.0563EPSS

Exploits7References5Affected Software1

Github Security Blog•added 2018/03/13 8:38 p.m.•73 views

pym.js CSRF Vulnerability

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 can result in Arbitrary javascript code execution. This attack appears to be...

8.8CVSS8.8AI score0.0104EPSS

Exploits0References6Affected Software1

OSV•added 2018/03/13 8:38 p.m.•14 views

GHSA-82GW-PQF7-Q3J2 pym.js CSRF Vulnerability

8.8CVSS9AI score0.0104EPSS

Exploits0References6

NVD•added 2018/03/13 3:29 p.m.•30 views

CVE-2018-1000086

NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a Cross ite Request Forgery CSRF vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.jsL573 that can result in Arbitrary javascript code execution. This attack appear to be...

8.8CVSS9AI score0.0104EPSS

Exploits0References3

Prion•added 2018/03/13 3:29 p.m.•10 views

Cross site request forgery (csrf)

6.8CVSS9AI score0.0104EPSS

Exploits0References3Affected Software1

CNVD•added 2018/03/13 12:0 a.m.•2 views

Cross-Site Scripting Vulnerability in IBM WebSphere Portal

IBM WebSphere Portal is a suite of enterprise portal software from IBM. The software creates a platform that connects the internal and external parts of an organization, allowing employees, customers and suppliers to access internal data through the platform. A cross-site scripting vulnerability...

5.4CVSS6.4AI score0.00968EPSS

Exploits0References1

CNVD•added 2018/03/08 12:0 a.m.•3 views

Polycom QDX 6000 Cross-Site Scripting Vulnerability

The Polycom QDX 6000 devices is a video conferencing endpoint device from Polycom. A cross-site scripting vulnerability exists in the Web application feature of the Polycom QDX 6000 devices. A remote attacker can exploit this vulnerability to execute arbitrary Javascript code in a user's web...

6.1CVSS6.8AI score0.00647EPSS

Exploits0References1

CNVD•added 2018/03/07 12:0 a.m.•3 views

Voten.co Arbitrary Code Execution Vulnerability

Voten.co is an open source blogging community system. A security vulnerability exists in the resources/views/layouts/app.blade.php file in versions of Voten.co prior to 2017-08-25. An attacker can exploit the vulnerability to execute arbitrary JavaScript code when a user views the attacker's...

6.1CVSS7.4AI score0.00928EPSS

Exploits1References1

Veracode•added 2018/03/06 2:33 a.m.•10 views

Cross-site Scripting (XSS)

mrk.js is vulnerable to cross-site scripting XSS attacks. The library does not sanitize URL links during markdown parsing, allowing a malicious user to inject and execute arbitrary Javascript...

6.1AI score

Exploits0

OSV•added 2018/03/05 4:29 p.m.•1 views

CVE-2017-7427

Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the Object Selector,...

6.1CVSS5.6AI score

Exploits0References2

Prion•added 2018/03/05 4:29 p.m.•17 views

Cross site scripting

4.3CVSS6.4AI score0.008EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by