CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNVD•added 2020/02/17 12:0 a.m.•2 views

iTop Cross-Site Scripting Vulnerability (CNVD-2020-10004)

iTop is open source ITIL ITSM software. A cross-site scripting vulnerability exists in iTop 2.6.0 and earlier versions. The vulnerability stems from the lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side code...

6.1CVSS6.4AI score0.0024EPSS

Exploits2References1

CNVD•added 2020/02/14 12:0 a.m.•1 views

Wowza Streaming Engine Code Execution Vulnerability

Wowza Streaming Engine is a streaming media server software from Wowza Media Systems. The program supports live streaming, VOD, online video chat, and remote recording. A security vulnerability exists in Wowza Streaming Engine. The vulnerability stems from the lack of proper validation of client...

7.8CVSS7.2AI score0.00085EPSS

CNVD•added 2020/02/12 12:0 a.m.•1 views

IBM Security Secret Cross-Site Scripting Vulnerability

IBM Security Secret Server is a set of privileged access management solutions from IBM USA. The product supports password management, privileged account identification and privileged session access monitoring and logging. A cross-site scripting vulnerability exists in IBM Security Secret. The...

6.1CVSS8.8AI score0.00219EPSS

6.1CVSS6.4AI score0.00753EPSS

Zimbra Collaboration Cross-Site Scripting Vulnerability (CNVD-2020-05089)

Zimbra Collaboration is a suite of email and collaboration solutions from Zimbra USA. The solution offers email, contacts, calendaring, file sharing, social networking, and more. A cross-site scripting vulnerability exists in Zimbra Collaboration. The vulnerability stems from the WEB application...

6.2CVSS6.4AI score0.00205EPSS

Dell EMC ECS Cross-Site Scripting Vulnerability

DELL EMC ELASTIC CLOUD STORAGE ECS software-defined object storage, designed for legacy and next-generation workloads, offers excellent scalability, flexibility and resiliency. Dell EMC ECS cross-site scripting vulnerability. The vulnerability stems from a lack of proper validation of client data...

CNVD•added 2020/02/11 12:0 a.m.•2 views

WSO2 API Manager Cross-Site Scripting Vulnerability (CNVD-2020-05094)

WSO2 API Manager is an open source api management platform , provides a series of api creation , release , lifecycle management , version control , monetization, governance and security features , used to support organizations to achieve soa. A cross-site scripting vulnerability exists in WSO2 AP...

4.8CVSS6.4AI score0.00434EPSS

6.1CVSS6.4AI score0.0062EPSS

Zimbra Collaboration Cross-Site Scripting Vulnerability (CNVD-2020-05087)

6.1CVSS6.5AI score0.08522EPSS

WordPress Auth0 wp-auth0 Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Auth0 wp-auth0. The vulnerability stems from the WEB application...

5.4CVSS6.4AI score0.00923EPSS

Zimbra Collaboration Cross-Site Scripting Vulnerability (CNVD-2020-05085)

CNVD•added 2020/02/11 12:0 a.m.•2 views

Red Hat Keycloak Cross-Site Scripting Vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A cross-site scripting vulnerability exists in Red Hat keycloak versions prior to 9.0.0. The vulnerability stems from a lack of proper...

6.1CVSS6.5AI score0.00283EPSS

CNVD•added 2020/02/03 12:0 a.m.•2 views

F5 BIG-IP APM cross-site scripting vulnerability (CNVD-2020-50291)

F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. A cross-site scripting vulnerability exists in F5 BIG-IP APM. The vulnerability stems from a lack of proper validation of client data by the W...

5.4CVSS6.3AI score0.00275EPSS

CNVD•added 2020/02/03 12:0 a.m.•1 views

python-markdown2 cross-site scripting vulnerability

python-markdown is a library for python. A cross-site scripting vulnerability exists in python-markdown2 versions prior to 1.0.1.14. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-si...

6.1CVSS6.4AI score0.00328EPSS

CNVD•added 2020/01/23 12:0 a.m.•1 views

Cisco Email Security Appliance Cross-Site Scripting Vulnerability

Cisco Email Security Appliance ESA is an email security appliance from Cisco in the U.S. AsyncOS Software is the operating system that runs on it. A cross-site scripting vulnerability exists in the Cisco Email Security Appliance 13.0 and prior versions. The vulnerability stems from a lack of prop...

6.1CVSS6.3AI score0.00469EPSS

CNVD•added 2020/01/20 12:0 a.m.•1 views

UHP UHP-100 cross-site scripting vulnerability (CNVD-2020-07243)

The UHP-100 is a high-performance router designed for large-scale deployment in broadband VSAT networks. A cross-site scripting vulnerability exists in UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3. The vulnerability stems from a lack of proper validation of client data by the WEB application. An attacker...

6.1CVSS6.4AI score0.00328EPSS

CNVD•added 2020/01/20 12:0 a.m.•1 views

SAP Disclosure Management Cross-Site Scripting Vulnerability (CNVD-2020-03253)

SAP Disclosure Management is an automated financial disclosure management system from SAP. The system provides a collaborative financial disclosure process across teams, geographies, systems and data sources. A cross-site scripting vulnerability exists in SAP Disclosure Management versions prior ...

5.4CVSS6.1AI score0.00306EPSS

CNVD•added 2020/01/19 12:0 a.m.•4 views

WordPress chained-quiz cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. chained-quiz is a chained quiz creation plugin used in it. A cross-site scripting vulnerability exists in WordPress chained-quiz versi...

6.1CVSS6.3AI score0.02606EPSS

Exploits2References1

CNVD•added 2020/01/19 12:0 a.m.•2 views

Cacti Cross-Site Scripting Vulnerability (CNVD-2020-04005)

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . A cross-site scripting vulnerability exists in several files in Cac...

6.1CVSS7.1AI score0.03534EPSS

CNVD•added 2020/01/15 12:0 a.m.•1 views

WordPress flog cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress flog version 0.1. The vulnerability stems from a lack...

6.1CVSS6.3AI score0.00259EPSS

Exploits2References1

CNVD•added 2020/01/13 12:0 a.m.•2 views

OpenTrade Cross-Site Scripting Vulnerability

OpenTrade is an open source cryptocurrency trading platform. A cross-site scripting vulnerability exists in OpenTrade 0.2.0 and prior versions. The vulnerability stems from a lack of proper validation of client-side data in the WEB application. An attacker can exploit the vulnerability to execute...

7.6CVSS6.4AI score0.00399EPSS