29 matches found
Chamilo security vulnerability
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of the open parameter in the help.php file, which could allow attackers to inject arbitrary HTML...
VulnCheck KEV: CVE-2002-1131
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allow remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php...
CVE-2023-0746
The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could enforce a user into inserting malicious JavaScript code into the URI, that could lead to a Reflected Cross site Scripting...
SUSE CVE-2015-1159
Cross-site scripting (XSS) vulnerability in the cgiputs function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/...
CVE-2022-23165
Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability. For an attacker to exploit this Cross-Site Scripting vulnerability, it's necessary for the affected produc...
Sysaid Technologies Sysaid cross-site scripting vulnerability
Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, Israel. Sysaid Technologies Sysaid version 14.2.0 suffers from a cross-site scripting vulnerability that originates from a lack of filtering and escaping of the parameter helpPageName used by the pa...
CVE-2021-38466
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. This may allow an attacker to perform a reflected cross-site scripting attack, which could allow an attacker to run code on behalf of the client...
Wing FTP cross-site scripting vulnerability
Wing FTP Server is a cross-platform FTP server software. A cross-site scripting vulnerability exists in Wing FTP version 6.4.4, where an arbitrary IFRAME element can be included in a help page via a specially crafted link, which can be exploited by an attacker to execute sandbox arbitrary HTML an...
CVE-2019-18793
Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter...
Shopify: help.shopify.com Cross Site Scripting
Hello Security Team. Tested windows 10 and edge Microsoft Edge 44.17763.1.0 , internet explorer Test Url : https://help.shopify.com/it/partners/resources/marketing-pack-for-accountants Payload: ?v0sjx'-alert1-'uyvvr=1 Proof Url: Open Url: edge , internet explorer , click me "Condividi il tuo...
CVE-2017-14524
Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) a URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash)...
Cross-site scripting vulnerability in S-CMS /admin/help.asp page
S-CMS is a corporate website building system developed by Zibo Shining Network Technology Co. A cross-site scripting vulnerability exists in the /admin/help.asp page in S-CMS v3.0 build20170911. It allows an attacker to construct XSS statements and perform pop-up box operations to obtain sensitive...
360.io XSS vulnerability
Vulnerable URL: https://360.io/help/myaccount/!prettyPhoto/x,%3Csvg/onload=alert%27openbugbounty%27%3E/x Details: Description| Value ---|--- Patched:| No Latest check for patch:| 07.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 636457 VIP website status:| ...
CVE-2017-11195
Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can...
filodiretto.it XSS vulnerability
Vulnerable URL: https://www.filodiretto.it/site/res/asp/prompthelp.asp?From=1"...
landroverinsurance.com XSS vulnerability
Vulnerable URL: https://www.landroverinsurance.com/Verex/html/help.html%3C!%27/%22/%27/%22/--%3E%3C/Script%3E%3CImage%20Srcset=K%20/;%20Onerror=confirm%60OPENBUGBOUNTY%60%20//%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 04.08.2017 Vulnerability type:| XSS...
holidayautos.co.uk XSS vulnerability
Vulnerable URL: https://www.holidayautos.co.uk/help/'"--!...
help.webex.com XSS vulnerability
Vulnerable URL: https://help.webex.com/tags?tags=%22%3E%3C/option%3E%3C%20/select%3E%3Cbody/onpageshow=prompt%28%29%3E%22%3E%3Csvg/onload=prompt%28/OPENBUGBOUNTY/%29%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...
ebates.com XSS vulnerability
Vulnerable URL: http://www.ebates.com/help/customercare/whereismyrebate.do Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 518 Google Pagerank| 5 VIP website status:| Yes Check...