CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4739 matches found

Packet Storm•added 2019/01/12 12:0 a.m.•189 views

AudioCode 400HD Cross Site scripting

CVE-2018-10091 Stored XSS vulnerabilities in AudioCode IP phones Description The AudioCodes 400HD series of IP phones is a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. Most of user inputs in the CG...

5.2AI score0.00787EPSS

Exploits3

Packet Storm•added 2019/01/07 12:0 a.m.•52 views

Base Soundtouch 18.1.4 Cross Site Scripting

CWE-80 XSS Bose Soundtouch App Internal reference: - Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 18.1.4 and maybe older versions, too not tested Vulnerable component: IOS Frontend of the application Report confidence: Unconfirmed Solution status: Could be fixed by vendor?...

6.4AI score0.01058EPSS

Exploits2

NVD•added 2019/01/03 8:29 p.m.•23 views

CVE-2018-18244

Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header...

6.1CVSS6.5AI score0.00803EPSS

Exploits1References2

Cvelist•added 2019/01/03 8:0 p.m.•18 views

CVE-2018-18244

Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header...

6.5AI score0.00803EPSS

Exploits1References2

Prion•added 2018/12/26 4:29 p.m.•20 views

Cross site scripting

Cross-site scripting XSS vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0723...

4.3CVSS6.1AI score0.00772EPSS

Exploits0References1Affected Software1

Prion•added 2018/12/26 4:29 p.m.•26 views

Cross site scripting

4.3CVSS6.1AI score0.00772EPSS

Exploits0References1Affected Software1

NVD•added 2018/12/26 4:29 p.m.•21 views

CVE-2018-0723

6.1CVSS6AI score0.00772EPSS

Exploits0References1

NVD•added 2018/12/26 4:29 p.m.•12 views

CVE-2018-0724

6.1CVSS6AI score0.00772EPSS

Exploits0References1

Cvelist•added 2018/12/26 4:0 p.m.•22 views

CVE-2018-0723

6AI score0.00772EPSS

Exploits0References1

Prion•added 2018/12/21 11:29 p.m.•13 views

Cross site scripting

LimeSurvey version 3.15.5 contains a Cross-site scripting XSS vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. Fixed in version 3.15.6...

4.3CVSS6.4AI score0.01114EPSS

Exploits0References2Affected Software1

NVD•added 2018/12/20 11:29 p.m.•15 views

CVE-2018-12651

A Reflected Cross Site Scripting XSS Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the ShiftEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter...

6.1CVSS6AI score0.0086EPSS

Exploits1References2

Prion•added 2018/12/20 10:29 p.m.•26 views

Design/Logic Flaw

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with...

7.5CVSS9.5AI score0.82251EPSS

Exploits1References4Affected Software2

OSV•added 2018/12/20 10:29 p.m.•35 views

CVE-2018-17246

9.8CVSS7.2AI score

Exploits0References4

Prion•added 2018/12/20 3:29 p.m.•12 views

Cross site scripting

Microweber version = 1.0.7 contains a Cross Site Scripting XSS vulnerability in Admin login form template that can result in Execution of JavaScript code...

4.3CVSS6.1AI score0.01323EPSS

Exploits1References2Affected Software1

Prion•added 2018/12/20 3:29 p.m.•19 views

Cross site scripting

FreshDNS version 1.0.3 and prior contains a Cross Site Scripting XSS vulnerability in Account data form; Zone editor that can result in Execution of attacker's JavaScript code in victim's session. This attack appear to be exploitable via The attacker stores a specially crafted string as their Ful...

3.5CVSS5.5AI score0.00826EPSS

Exploits0References2Affected Software1

Cvelist•added 2018/12/20 3:0 p.m.•16 views

CVE-2018-1000826

Microweber version = 1.0.7 contains a Cross Site Scripting XSS vulnerability in Admin login form template that can result in Execution of JavaScript code...

6AI score0.01323EPSS

Exploits1References2

Cvelist•added 2018/12/20 3:0 p.m.•21 views

CVE-2018-1000847

5.5AI score0.00826EPSS

Exploits0References2

Cvelist•added 2018/12/17 4:0 p.m.•19 views

CVE-2018-1889

IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152080...

5.4CVSS5.2AI score0.00968EPSS

Exploits0References3

Talos•added 2018/12/11 12:0 a.m.•63 views

Adobe Acrobat Reader DC Text Field Value Remote Code Execution Vulnerability

Summary A specific JavaScript code embedded in a PDF file can lead to a heap corruption when opening a PDF document in Adobe Acrobat Reader DC 2019.8.20071. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need t...

9.8CVSS7.1AI score0.09744EPSS

Exploits0

CVE•added 2018/11/30 2:0 p.m.•49 views

CVE-2018-0716

CVE-2018-0716 is a cross-site scripting vulnerability affecting QNAP QTS components, notably QTS 4.2.6 build 20180711 and QTS 4.3.x series (Qsync Central 3.0.2–3.0.4 and earlier). The underlying issue allows remote attackers to inject JavaScript in the compromised application. The connected docum...

6.1CVSS6.2AI score0.00772EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by