1345 matches found

Japan Vulnerability Notes
added 2013/12/10 12:0 a.m., 39 views

JVN#21336955: Cybozu Dezie vulnerable to cross-site scripting

Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the web browser of a user that is logged on. Solution: Update the Software. Update to the latest version according to the information provided by the developer. Product...

CVSS 4.3, AI score 5.9, EPSS 0.00475
Exploits: 0
NVD
added 2013/11/18 3:55 a.m., 18 views

CVE-2013-4842

Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3, AI score 5.7, EPSS 0.00623
Exploits: 0, References: 1
Packet Storm
added 2013/10/30 12:0 a.m., 58 views

Zabbix Authenticated Remote Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Zabbix Authenticated Remote Command Execution', 'Description' = %q ZABBIX allows an administrator to create scripts that will be run ...

AI score 0.4, EPSS 0.89439
Exploits: 6
Prion
added 2013/08/17 4:55 p.m., 24 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component jplayer.swf in jPlayer before 2.2.23 allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, a different vulnerability than CVE-2013-1942 and...

CVSS 4.3, AI score 5.9, EPSS 0.08796
Exploits: 3, References: 8, Affected Software: 1
Japan Vulnerability Notes
added 2013/07/26 4:33 a.m., 3 views

WordPress vulnerable to cross-site scripting

Overview: WordPress contains a cross-site scripting vulnerability due to an issue in the SWFUpload library. ma.la reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary script may be executed on the...

CVSS 10, AI score 6.1, EPSS 0.03863
Exploits: 9, References: 6
Japan Vulnerability Notes
added 2013/06/27 5:31 a.m., 1 views

EC-CUBE vulnerable to cross-site scripting

Overview: EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN98665228. Daiki Ishimori of Gehirn Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

CVSS 4.3, AI score 6.1, EPSS 0.00388
Exploits: 0, References: 5
Japan Vulnerability Notes
added 2013/06/27 12:0 a.m., 28 views

JVN#07192063: EC-CUBE vulnerable to cross-site scripting

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN98665228. Impact: An arbitrary script may be executed on the user's web browser. Solution: Apply the update ...

CVSS 4.3, AI score 5.8, EPSS 0.00388
Exploits: 0
Prion
added 2013/06/21 7:55 p.m., 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the phptemplatepreprocessnode function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name...

CVSS 4.3, AI score 5.7, EPSS 0.00475
Exploits: 0, References: 6, Affected Software: 1
Cvelist
added 2013/05/10 9:0 p.m., 20 views

CVE-2013-3526

Cross-site scripting (XSS) vulnerability in js/taloaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter...

AI score 5.8, EPSS 0.08185
Exploits: 1, References: 5
Exploit DB
added 2013/03/29 12:0 a.m., 48 views

jPlayer - 'Jplayer.swf' Script Cross-Site Scripting

source: https://www.securityfocus.com/bid/59030/info jPlayer is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

AI score 7
Exploits: 0
Prion
added 2013/03/06 1:10 p.m., 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

CVSS 3.5, AI score 5.4, EPSS 0.00188
Exploits: 0, References: 3, Affected Software: 1
Exploit DB
added 2013/03/05 12:0 a.m., 22 views

WordPress Plugin Count Per Day - 'daytoshow' Cross-Site Scripting

source: https://www.securityfocus.com/bid/58307/info The Count Per Day plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An authenticated attacker may leverage this issue to execute arbitrary script code in the browser...

AI score 7.4
Exploits: 0
Prion
added 2012/12/26 5:55 p.m., 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Maxpanel token...

CVSS 2.1, AI score 5.6, EPSS 0.00335
Exploits: 0, References: 6, Affected Software: 1
Prion
added 2012/12/11 12:18 p.m., 17 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/ComputerInformation/output...

CVSS 4.3, AI score 6.1, EPSS 0.01508
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2012/12/03 9:55 p.m., 15 views

CVE-2012-5551

Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) a predictable "webhook URL key" and (2) improper sanitization of "Webhook variables from POST requests."...

CVSS 4.3, AI score 5.8, EPSS 0.00285
Exploits: 0, References: 4
exploitpack
added 2012/11/19 12:0 a.m., 30 views

Splunk 4.3.1 - Denial of Service

source: https://www.securityfocus.com/bid/56581/info Splunk is prone to multiple cross-site scripting vulnerabilities and a denial-of-service vulnerability because it fails to properly handle user-supplied input. An attacker may leverage these issues to cause...

AI score 7.3
Exploits: 0
ATTACKERKB
added 2012/10/01 10:55 p.m., 2 views

CVE-2012-5233

Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vectors...

CVSS 2.1, AI score 5.7, EPSS 0.00324
Exploits: 0, References: 7
OSV
added 2012/09/25 11:55 p.m., 9 views

CVE-2012-0869

Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (FEX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter...

AI score 5.5
Exploits: 0, References: 11
exploitpack
added 2012/09/25 12:0 a.m., 12 views

WordPress Plugin Token Manager - tid Cross-Site Scripting

source: https://www.securityfocus.com/bid/55664/info The Token Manager plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to...

AI score 6.7
Exploits: 0
NVD
added 2012/09/17 8:55 p.m., 8 views

CVE-2012-1899

Multiple cross-site scripting (XSS) vulnerabilities in webfolio/admin/users/edit in Webfolio CMS 1.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name, (2) Last name or (3) Email required fields...

CVSS 4.3, AI score 5.8, EPSS 0.00285
Exploits: 1, References: 4