46 matches found

CVE
added 2024/06/25 9:28 p.m., 45 views

CVE-2024-30112

CVE-2024-30112 concerns HCL Connections and describes a cross-site scripting (XSS) vulnerability. The issue allows an attacker to execute arbitrary script code in a user’s browser, which could enable theft of cookie-based authentication credentials and compromise of the user’s account, potentiall...

CVSS 5.4 | AI score 5.7 | EPSS 0.01126
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2023/06/13 1:35 a.m., 25 views

CVE-2023-2121

A flaw was found in HashiCorp Vault and Vault Enterprise, where they are vulnerable to cross-site scripting caused by improper validation of user-supplied input by the key-value v2 (kv-v2) diff viewer. A remote, authenticated attacker can inject malicious script into a Web page which would be...

CVSS 4.3 | AI score 6.5 | EPSS 0.00574
Exploits: 0 | References: 4
Vulnrichment
added 2022/03/11 5:54 p.m., 6 views

CVE-2021-27414 User interface misrepresentation of critical information in Hitachi ABB Power Grids Ellipse EAM

An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials...

CVSS 5.5 | AI score 6.4 | EPSS 0.00102
Exploits: 0 | References: 2
CNVD
added 2016/11/22 12:0 a.m., 1 view

OwnCloud Cross-Site Scripting Vulnerability (CNVD-2017-00095)

OwnCloud is a free and open source personal cloud storage solution from OwnCloud Germany. OwnCloud suffers from a cross-site scripting vulnerability that can be exploited by an attacker to steal cookie-based authentication credentials...

AI score 6.5
Exploits: 0 | References: 1
seebug.org
added 2014/07/01 12:0 a.m., 19 views

Rapid Classified 3.1 search.asp SH1 Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/21197/info Rapid Classified is prone to multiple input-validation issues, including multiple cross-site scripting issues and an SQL-injection issue, because the application fails to properly sanitize user-supplied input. ...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 11 views

CyberShop Ultimate E-commerce Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/16473/info CyberShop Ultimate E-commerce is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 10 views

WordPress WP-FeedStats 2.1 HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25085/info The WP-FeedStats plugin for WordPress is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue may allow an attacker to execute HTML...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 20 views

LocazoList Classifieds 1.0 SearchDB.ASP Input Validation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15812/info LocazoList Classifieds is prone to an input validation vulnerability that allows cross-site scripting and SQL injection attacks. An attacker may leverage this issue to have arbitrary script code executed in the...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 16 views

aoblogger 2.3 login.php username Field SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/16286/info AOblogger is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 11 views

Jax PHP Scripts 1.0/1.34/2.14/3.31 petitionbook Script User IP Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 14 views

Blog System 1.x Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/39406/info Blog System is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include local file-include, SQL-injection, and...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 14 views

Imatix Xitami 2.5 Server Side Includes Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10778/info It is reported that Imatix Xitami is affected by a cross-site scripting vulnerability in the server side includes test script. This issue is due to a failure of the application to properly sanitize user-supplie...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 21 views

Qualiteam X-Cart 4.0.8 orders.php mode Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities could permit remot...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 15 views

SAP BusinessObjects 12 URI Redirection and Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/37972/info SAP BusinessObjects is prone to multiple URI-redirection issues and multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to...

AI score 7.1
Exploits: 0
Exploit DB
added 2014/01/07 12:0 a.m., 21 views

Command School Student Management System - '/sw/admin_infraction_codes.php?id' SQL Injection

source: https://www.securityfocus.com/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. A cross-site request forgery vulnerability 3. A cross-site scripting vulnerability 4. An HTML injection...

AI score 7.4
Exploits: 0
exploitpack
added 2013/06/26 12:0 a.m., 21 views

Motion - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/60818/info Motion is prone to multiple security vulnerabilities including multiple buffer-overflow vulnerabilities, a cross-site scripting vulnerability and a cross-site request-forgery vulnerability. An attacker may...

AI score 0.6
Exploits: 0
Exploit DB
added 2012/09/10 12:0 a.m., 18 views

VICIDIAL Call Center Suite - Multiple SQL Injections

source: https://www.securityfocus.com/bid/55476/info VICIDIAL Call Center Suite is prone to multiple SQL-injection vulnerabilities and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to...

AI score 7.4
Exploits: 0
seebug.org
added 2012/05/09 12:0 a.m., 6 views

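Multiple security vulnerabilities in MyBB versions prior to 1.6.7

BUGTRAQ ID: 53417 MyBB is a popular web forum application. Versions of MyBB prior to 1.6.7 contain multiple security vulnerabilities in their implementation; successful exploitation could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, take control of the application, access or modify data, or exploit other vulnerabilities in the underlying database and access sensitive data. 0 MyBB 1.6.x MyBB 1.4.x Vendor patch: MyBB ---- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.mybboard.com/...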

AI score 6.9
Exploits: 0
exploitpack
added 2012/03/14 12:0 a.m., 9 views

Maxs Guestbook 1.0 - Multiple Remote Vulnerabilities

source: https://www.securityfocus.com/bid/52471/info Max's Guestbook is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary HTML and script code in the context of the affected browser,...

AI score 0.2
Exploits: 0
securityvulns
added 2011/03/10 12:0 a.m., 50 views

HTB22880: XSS vulnerability in CosmoShop

Vulnerability ID: HTB22880 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincosmoshop1.html Product: CosmoShop Vendor: Zaunz Publishing GmbH http://www.cosmoshop.de/ Vulnerable Version: ePRO V10.05.00 Vendor Notification: 24 February 2011 Vulnerability Type: Stored XSS Cross Site...

AI score 0.2
Exploits: 0