CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

248 matches found

CVE•added 2019/04/26 8:6 p.m.•48 views

CVE-2019-11533

CVE-2019-11533 affects ProjectSend prior to r1070, with a cross-site scripting (XSS) vulnerability that could allow remote attackers to inject arbitrary script/HTML. The issue stems from insufficient input sanitization in the affected component, enabling client-side script execution in the contex...

6.1CVSS6AI score0.01186EPSS

Exploits0References2Affected Software1

OSV•added 2019/01/15 9:29 p.m.•2 views

CVE-2019-0027

A persistent cross-site scripting XSS vulnerability in the Snort Rules configuration of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform...

5.4CVSS5.8AI score0.00624EPSS

Exploits0References1

Positive Technologies•added 2018/12/11 12:0 a.m.•3 views

PT-2018-2034 · Microsoft · Sharepoint Server

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: A cross-site-scripting XSS issue exists due to improper sanitization of specially crafted web requests to an affected SharePoint server. This could allow a remote attack...

5.4CVSS6.1AI score0.01587EPSS

Exploits0References8

CNVD•added 2018/06/15 12:0 a.m.•3 views

GetPocket Cross-Site Scripting Vulnerability

Pocket is the app to quickly save, discover, and recommend stories that interest you. A cross-site scripting vulnerability exists in GetPocket, which can be exploited by remote attackers to inject malicious script code or redirect users to malicious websites/phishing pages...

6.5AI score

Exploits0References1

CNVD•added 2018/05/14 12:0 a.m.•2 views

HP Network Automation Cross-Site Scripting Vulnerability (CNVD-2018-12125)

HP Network Automation Software is network configuration and management automation software. A cross-site scripting vulnerability exists in HP Network Automation, which could be exploited by remote attackers to inject malicious script or HTML code that, when viewed with malicious data, could gain...

6.1CVSS6AI score0.01553EPSS

Exploits0References1

OSV•added 2018/05/11 12:0 a.m.•2 views

UBUNTU-CVE-2018-5152

WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firef...

6.5CVSS6.8AI score0.01651EPSS

Exploits0References4

UbuntuCve•added 2018/03/14 12:0 a.m.•19 views

CVE-2018-5135

WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox 59...

7.5CVSS7.1AI score0.01548EPSS

Exploits0References3

CNVD•added 2018/03/02 12:0 a.m.•2 views

NAT32 HTTPD Cross-Site Scripting Vulnerability

NAT32 is a network sharing application. A cross-site scripting vulnerability exists in the NAT32 HTTPD component, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code that can be used to obtain sensitive information or hijack a user session when...

6.1CVSS6.2AI score0.02886EPSS

Exploits5References1

CNVD•added 2018/01/26 12:0 a.m.•1 views

WBCE CMS Cross-Site Scripting Vulnerability (CNVD-2018-02994)

WBCE CMS is an easy-to-use open source content management system based on PHP/MySQL. A cross-site scripting vulnerability exists in WBCE CMS 1.3.1. A remote authenticated administrator can use the "Modify Page" screen to inject arbitrary web script or HTML...

4.8CVSS6.1AI score0.00643EPSS

Exploits1References1

CNVD•added 2017/10/09 12:0 a.m.•2 views

HP UCMDB Foundation Software Cross-Site Scripting Vulnerability

HP UCMDB Foundation Software is able to provide users with bottom-up capabilities that include four parts: infrastructure auto-discovery, data modeling, service mapping definition and service impact analysis. A cross-site scripting vulnerability exists in HP UCMDB Foundation Software, which could...

6.1CVSS6.3AI score0.01181EPSS

Exploits0References1

CNVD•added 2017/08/30 12:0 a.m.•2 views

Coremail Cross-Site Scripting Vulnerability

Coremail mail system is a large-scale enterprise mail system independently developed by the company. A cross-site scripting vulnerability exists in Coremail XT3.0, which allows remote attackers to inject arbitrary Web script or HTML via hyperlinks in document attachments...

6.1CVSS5.5AI score0.00906EPSS

Exploits3References1

CNVD•added 2017/08/02 12:0 a.m.•2 views

WordPress Easy Testimonials Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports in PHP and MySQL servers to set up a personal blog site.WordPress Easy Testimonials is one of the plug-ins that can add information to the sidebar. A cross-site...

6.1CVSS5.9AI score0.0078EPSS

Exploits1References1

OSV•added 2017/07/07 1:29 p.m.•3 views

CVE-2017-2224

Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS5.9AI score0.01466EPSS

Exploits0References5

CNVD•added 2017/06/01 12:0 a.m.•1 views

WordPress Simple Slideshow Manager Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in Wordpress Simple Slideshow Manager, which can be exploited by remote attackers...

6.3AI score

Exploits0References1

CNVD•added 2017/05/23 12:0 a.m.•3 views

Atlassian JIRA Server Cross-Site Scripting Vulnerability

Atlassian JIRA Server is a defect tracking management system. A cross-site scripting vulnerability exists in Atlassian JIRA Server, which can be exploited by remote attackers to inject malicious script or HTML code to obtain sensitive information or hijack user sessions...

4.8CVSS6.2AI score0.00779EPSS

Exploits0References1

CNVD•added 2017/03/24 12:0 a.m.•2 views

MantisBT Cross-Site Scripting Vulnerability (CNVD-2017-04990)

MantisBT is the MantisBT team of a Web-based open source defect tracking system . MantisBT suffers from a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code that can be used to obtain sensitive information or hijack...

6.1CVSS6.2AI score0.00813EPSS

Exploits0References1

CNVD•added 2016/10/07 12:0 a.m.•1 views

Aternity Web Server Cross-Site Scripting Vulnerability

Aternity webserver is a web server. Aternity suffers from a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain sensitive information or hijack user sessions when malicious data is viewed...

6.1CVSS6AI score0.01233EPSS

Exploits0References1

CNVD•added 2016/07/24 12:0 a.m.•1 views

TYPO3 Static Methods since 2007 Extended Cross-Site Scripting Vulnerability

TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability in TYPO3 Static Methods since 2007 allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain acce...

6.2AI score

Exploits0References1

CNVD•added 2016/05/21 12:0 a.m.•2 views

Epoch Web Mailing List Cross-Site Scripting Vulnerability

Epoch Web Mailing List is a set of web mailing lists from Epoch Japan. Epoch Web Mailing List suffers from a cross-site scripting vulnerability that can be exploited by remote attackers to inject malicious script or HTML code, which can be used to obtain sensitive information or hijack a user's...

6.1CVSS6AI score0.01417EPSS

Exploits0References1

CNVD•added 2016/05/19 12:0 a.m.•2 views

Chamlio LMS Cross-Site Scripting Vulnerability

Chamilo is an open source e-learning and content management system. A cross-site scripting vulnerability exists in Chamilo LMS, which allows remote attackers to inject malicious script code into the client side of the affected application module...

6.5AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by