CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

19 matches found

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-9531

Malware in sbrugna...

6.1CVSS6.2AI score0.03724EPSS

Exploits5References5

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2013-6682

Malware in sbrugna...

6.1CVSS6.3AI score0.00664EPSS

Exploits2References5

OSV•added 2025/05/06 4:46 a.m.•1 views

MAL-2025-3620 Malicious code in flashcanvas (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d2a7c1d4db3a33aaeb6b2b80bf058332cdd082406999470a56960c36f28ad99d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score

Exploits0References3

OSSF Malicious Packages•added 2025/05/06 4:46 a.m.•2 views

Malicious code in flashcanvas (npm)

6.9AI score

Exploits0References3

NVD•added 2019/11/22 6:15 p.m.•9 views

CVE-2013-6880

Open redirect in proxy.php in FlashCanvas before 1.6 allows remote attackers to redirect users to arbitrary web sites and conduct cross-site scripting XSS attacks via the HTTP Referer header...

6.1CVSS6AI score0.00664EPSS

Exploits2References4

Prion•added 2019/11/22 6:15 p.m.•6 views

Cross site scripting

Open redirect in proxy.php in FlashCanvas before 1.6 allows remote attackers to redirect users to arbitrary web sites and conduct cross-site scripting XSS attacks via the HTTP Referer header...

4.3CVSS6AI score0.00664EPSS

Exploits2References4Affected Software1

Cvelist•added 2019/11/22 5:37 p.m.•10 views

CVE-2013-6880

Open redirect in proxy.php in FlashCanvas before 1.6 allows remote attackers to redirect users to arbitrary web sites and conduct cross-site scripting XSS attacks via the HTTP Referer header...

6AI score0.00664EPSS

Exploits2References4

CVE•added 2019/11/22 5:37 p.m.•68 views

CVE-2013-6880

CVE-2013-6880 is an open redirect vulnerability in FlashCanvas’s proxy.php (versions prior to 1.6) that can redirect users to arbitrary sites and enable XSS via the Referer header. Affected: FlashCanvas 1.5 and possibly older; fix: upgrade to FlashCanvas 1.6 or later. The issue status is active i...

6.1CVSS6AI score0.00664EPSS

Exploits2References4Affected Software1

CNVD•added 2019/04/03 12:0 a.m.•1 views

OpenEMR Cross-Site Scripting Vulnerability (CNVD-2019-14077)

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A security vulnerability exists in the flashcanvas.swf file in versions of OpenEMR...

6.1CVSS6.8AI score0.01384EPSS

Exploits0References1

0day.today•added 2018/10/12 12:0 a.m.•44 views

SugarCRM 6.5.26 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: SugarCRM 6.5.26 - Cross-Site Scripting Exploit Author: Purplemet Security Author Website: https://www.purplemet.com/ Vendor Homepage: https://www.sugarcrm.com/ Software Link: https://sourceforge.net/projects/sugarcrm/ Version:...

0.1AI score0.03724EPSS

Exploits5

exploitpack•added 2018/10/12 12:0 a.m.•17 views

SugarCRM 6.5.26 - Cross-Site Scripting

SugarCRM 6.5.26 - Cross-Site Scripting Exploit Title: SugarCRM 6.5.26 - Cross-Site Scripting Date: 2018-09-29 Exploit Author: Purplemet Security Author Website: https://www.purplemet.com/ Vendor Homepage: https://www.sugarcrm.com/ Software Link: https://sourceforge.net/projects/sugarcrm/ Version:...

4.3CVSS0.03724EPSS

Exploits5

CNVD•added 2018/10/12 12:0 a.m.•2 views

SugarCRM Community Edition Cross-Site Scripting Vulnerability

SugarCRM Community Edition is an open source Customer Relationship Management CRM system from SugarCRM USA. The system supports differentiated marketing for different customer needs, managing and distributing sales leads, and enabling information sharing and tracking of sales representatives. A...

6.1CVSS6AI score0.03724EPSS

Exploits5References1

OSV•added 2018/10/10 9:29 p.m.•0 views

CVE-2018-17784

Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM Community Edition 6.5.26 could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack on a targeted system...

6.1CVSS5.7AI score

Exploits0References3

NVD•added 2018/10/10 9:29 p.m.•8 views

CVE-2018-17784

6.1CVSS6.1AI score0.03724EPSS

Exploits5References3

Prion•added 2018/10/10 9:29 p.m.•12 views

Cross site scripting

4.3CVSS6AI score0.03724EPSS

Exploits5References3Affected Software1

CVE•added 2018/10/10 9:0 p.m.•54 views

CVE-2018-17784

CVE-2018-17784: SugarCRM Community Edition 6.5.26 contains multiple XSS vulnerabilities in YUI/FlashCanvas, via components such as uploader.swf, io.swf and flashcanvas.swf. An unauthenticated, remote attacker can inject arbitrary web scripts on a target system. Evidence across sources confirms th...

6.1CVSS6AI score0.03724EPSS

Exploits5References3Affected Software1

Tenable Nessus•added 2014/02/11 12:0 a.m.•11 views

FlashCanvas <= 1.5 Reflected Cross-site Scripting Attack

Binary data 8110.prm...

6.1CVSS7.3AI score0.00664EPSS

Exploits2References4

securityvulns•added 2014/01/09 12:0 a.m.•48 views

FlashCanvas 1.5 proxy.php XSS Vulnerability

Advisory Information Title: FlashCanvas proxy.php XSS Vulnerability Date published: 11 December 2013 Reference: CVE-2013-6880 Advisory Summary Script does not adequately verify the Referer header before requesting via curl the remote URL specified in the ‘url’ GET parameter and rendering it. Vend...

0.1AI score0.00664EPSS

Exploits2

seebug.org•added 2013/12/17 12:0 a.m.•21 views

FlashCanvas 'proxy.php'跨站脚本漏洞

Bugtraq ID:64251 CVE ID:CVE-2013-6880 FlashCanvas是一个JavaScript库，可使Internet Explorer支持HTML5 Canvas。 FlashCanvas 'proxy.php'脚本不充分校验Referer Header数据，允许远程攻击者利用漏洞提交特制的GET请求，可获取敏感信息或劫持用户会话。 0 FlashCanvas 1.5 厂商补丁： FlashCanvas ----- FlashCanvas 1.6已经修复该漏洞，请到厂商的主页下载： http://flashcanvas.net/...

6.5AI score0.00664EPSS

Exploits2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by