Lucene search

362 matches found

Prion
added 2024/03/12 1:15 a.m. · 38 views

Cross site scripting

Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to...

CVSS 4.9 · AI score 5.4 · EPSS 0.00781
Exploits 0 · References 2
Positive Technologies
added 2024/03/11 12:0 a.m. · 4 views

PT-2024-22122 · Sap · Sap Netweaver As Abap

Name of the Vulnerable Software and Affected Versions:
SAP NetWeaver AS ABAP versions 7.89, 7.93
Description: The issue is related to Cross-Site Scripting (XSS) due to insufficient encoding of user-controlled inputs in applications based on SAP GUI for HTML. This allows a malicious attacker to...

CVSS 6.1 · AI score 6.2 · EPSS 0.00781
Exploits 0 · References 5
OSV
added 2024/02/13 3:15 a.m. · 1 views

CVE-2024-24742

SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker wi...

CVSS 4.1 · AI score 5.8 · EPSS 0.00222
Exploits 0 · References 2
ATTACKERKB
added 2024/02/13 2:15 a.m. · 0 views

CVE-2024-22128

SAP NWBC for HTML - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious JavaScript to...

CVSS 6.1 · AI score 5.4 · EPSS 0.01258
Exploits 0 · References 3
OSV
added 2024/02/13 2:15 a.m. · 1 views

CVE-2024-22128

SAP NWBC for HTML - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious JavaScript to...

CVSS 6.1 · AI score 5.8 · EPSS 0.01258
Exploits 0 · References 2
Prion
added 2024/02/13 2:15 a.m. · 17 views

Cross site scripting

SAP NWBC for HTML - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious...

CVSS 4 · AI score 6.2 · EPSS 0.01258
Exploits 0 · References 2
Positive Technologies
added 2024/02/12 12:0 a.m. · 2 views

PT-2024-3898 · Sap · Sap Crm Webclient Ui

Name of the Vulnerable Software and Affected Versions:
SAP CRM WebClient UI versions S4FND 102 through S4FND 106
SAP CRM WebClient UI versions WEBCUIF 701 through WEBCUIF 801
Description: The SAP CRM WebClient UI does not sufficiently encode user-controlled inputs, resulting in a Cross-Site...

CVSS 4.1 · AI score 5.8 · EPSS 0.00222
Exploits 0 · References 7
Positive Technologies
added 2024/02/12 12:0 a.m. · 2 views

PT-2024-4069 · Sap · Sap Nwbc For Html

Name of the Vulnerable Software and Affected Versions:
SAP NWBC for HTML - versions SAP UI 754 through SAP UI 758
SAP NWBC for HTML - versions SAP BASIS 700 through SAP BASIS 702
SAP NWBC for HTML - version SAP BASIS 731
Description: The issue arises from insufficient encoding of user-controlled...

CVSS 6.1 · AI score 5.7 · EPSS 0.01258
Exploits 0 · References 8
Github Security Blog
added 2024/02/08 6:46 p.m. · 39 views

Rancher API Server Cross-site Scripting Vulnerability

Impact: A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. The attack vector was identifi...

CVSS 8.3 · AI score 6.1 · EPSS 0.00347
Exploits 0 · References 10 · Affected Software 1
Vulnrichment
added 2024/01/26 10:18 a.m. · 7 views

CVE-2024-23894 Cross-Site Scripting (XSS) vulnerability in Cups Easy

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancecreate.php, in the issuancedate parameter. Exploitation of this...

CVSS 8.2 · AI score 7.1 · EPSS 0.00051
Exploits 0 · References 1
NVD
added 2024/01/26 10:15 a.m. · 7 views

CVE-2024-23889

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemgroupcreate.php, in the itemgroupid parameter. Exploitation of this...

CVSS 8.2 · AI score 7.2 · EPSS 0.0007
Exploits 0 · References 1
NVD
added 2024/01/26 9:15 a.m. · 10 views

CVE-2024-23860

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencylist.php, in the description parameter. Exploitation of this vulnerability...

CVSS 8.2 · AI score 7.2 · EPSS 0.00051
Exploits 0 · References 1
Vulnrichment
added 2024/01/26 9:13 a.m. · 3 views

CVE-2024-23874 Cross-Site Scripting (XSS) vulnerability in Cups Easy

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/companymodify.php, in the address1 parameter. Exploitation of this vulnerability...

CVSS 8.2 · AI score 7.1 · EPSS 0.00051
Exploits 0 · References 1
NVD
added 2024/01/25 2:15 p.m. · 12 views

CVE-2024-23855

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodemodify.php, in multiple parameters. Exploitation of this vulnerability coul...

CVSS 8.2 · AI score 7.2 · EPSS 0.00051
Exploits 0 · References 1
OSV
added 2024/01/25 12:15 p.m. · 4 views

CVE-2023-6282

IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileuploadpage.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially...

CVSS 6.1 · AI score 5.7
Exploits 0 · References 1
Vulnrichment
added 2024/01/25 11:37 a.m. · 10 views

CVE-2023-6282 Cross-Site Scripting vulnerability in IceHrm

IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileuploadpage.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially...

CVSS 5.4 · AI score 5.9 · EPSS 0.00076
Exploits 0 · References 1
Positive Technologies
added 2024/01/25 12:0 a.m. · 5 views

PT-2024-14924 · Ice Hrm · Ice Hrm

Name of the Vulnerable Software and Affected Versions:
IceHrm version 23.0.0.OS
Description: The issue arises from insufficient encoding of user-controlled input, leading to a Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited via the /icehrm/app/fileupload page.php...

CVSS 6.1 · AI score 5.9 · EPSS 0.00076
Exploits 0 · References 5
CNNVD
added 2024/01/25 12:0 a.m. · 1 views

Cups Easy Cross-Site Scripting Vulnerability

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. A cross-site scripting vulnerability exists in Cups Easy version 1.0, which stems from insufficiently encoded user-controlled input that results in multiple parameters in...

CVSS 8.2 · AI score 6.3 · EPSS 0.00051
Exploits 0 · References 2
OSV
added 2024/01/09 2:15 a.m. · 0 views

CVE-2024-21738

SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation...

CVSS 5.4 · AI score 5.8 · EPSS 0.00259
Exploits 0 · References 2
CNNVD
added 2024/01/09 12:0 a.m. · 2 views

SAP NetWeaver ABAP Server Cross-Site Scripting Vulnerability

SAP NetWeaver ABAP Server is a Web application server for SAP products from the German company SAP. A cross-site scripting (XSS) vulnerability exists in SAP NetWeaver ABAP Server, which stems from insufficient encoding of user-controlled input. An...

CVSS 5.4 · AI score 5.5 · EPSS 0.00259
Exploits 0 · References 3