Lucene search

4739 matches found

Cvelist
added 2018/03/12 9:0 p.m., 23 views

CVE-2018-7563

An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a malicious URL that, if opened by an authenticated user with debug privilege, will execute JavaScript code supplied by the attacker. The...

6.4 AI score, 0.01111 EPSS
Exploits: 0, References: 2

CNVD
added 2018/03/07 12:0 a.m., 2 views

Magento cross-site scripting vulnerability (CNVD-2018-04517)

Magento is an open source PHP e-commerce system from Magento, which provides permission management, search engine and payment gateway. Magento has a cross-site scripting vulnerability that can be exploited by attackers to inject malicious JavaScript script code...

6.3 AI score
Exploits: 0, References: 1

Prion
added 2018/03/06 3:29 p.m., 17 views

Design/Logic Flaw

PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript...

3.5 CVSS, 5.1 AI score, 0.00568 EPSS
Exploits: 2, References: 1, Affected Software: 1

Cvelist
added 2018/03/06 3:0 p.m., 19 views

CVE-2018-7650

PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript...

5 AI score, 0.00548 EPSS
Exploits: 1, References: 1

Prion
added 2018/03/05 4:29 p.m., 17 views

Cross site scripting

Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the Object Selector,...

4.3 CVSS, 6.4 AI score, 0.008 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2018/03/05 4:0 p.m., 50 views

CVE-2017-7427

CVE-2017-7427 affects Micro Focus Identity Manager/iManager Plug-in (version 2.7.7.7 and prior to 4.6.1). The vulnerability is a family of multiple cross-site scripting (XSS) flaws that allow an attacker to execute arbitrary JavaScript in the context of the vulnerable application. Exploitation pa...

6.1 CVSS, 6.1 AI score, 0.008 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2018/02/27 5:0 a.m., 37 views

CVE-2018-4911

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API related to bookmark functionality. The...

9.1 AI score, 0.11749 EPSS
Exploits: 0, References: 3

CNVD
added 2018/02/26 12:0 a.m., 1 views

Facetag Cross-Site Scripting Vulnerability

Piwigo is a web-based photo album software from Piwigo team. The software supports photo publishing, management, multiple browsing categories, tags, time, etc. Facetag extension is one of the face tagging plugins. A cross-site scripting vulnerability exists in version 0.0.3 of the Piwigo Facetag...

6.1 CVSS, 6.3 AI score, 0.0143 EPSS
Exploits: 1, References: 1

Prion
added 2018/02/22 7:29 p.m., 14 views

Cross site scripting

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138821...

3.5 CVSS, 5.1 AI score, 0.00758 EPSS
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2018/02/21 9:29 p.m., 18 views

Cross site scripting

IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128461...

3.5 CVSS, 5.2 AI score, 0.00836 EPSS
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2018/02/21 9:29 p.m., 15 views

CVE-2017-1604

IBM Maximo Anywhere 7.5 and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132851...

5.4 CVSS, 5.3 AI score, 0.00758 EPSS
Exploits: 0, References: 3

Prion
added 2018/02/21 1:29 a.m., 14 views

Cross site scripting

An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP...

4.3 CVSS, 6.2 AI score, 0.00793 EPSS
Exploits: 1, References: 1, Affected Software: 2

Cvelist
added 2018/02/21 1:0 a.m., 24 views

CVE-2018-7278

An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP...

6.3 AI score, 0.00793 EPSS
Exploits: 1, References: 1

Cvelist
added 2018/02/21 1:0 a.m., 17 views

CVE-2018-7277

An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP...

6.3 AI score, 0.00793 EPSS
Exploits: 1, References: 1

Prion
added 2018/02/09 11:29 p.m., 11 views

Cross site scripting

Dolibarr version 6.0.2 contains a Cross Site Scripting XSS vulnerability in Product details that can result in execution of javascript code...

3.5 CVSS, 5.3 AI score, 0.00921 EPSS
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2018/02/09 11:29 p.m., 17 views

CVE-2017-1000507

Canvs Canvas version 3.4.2 contains a Cross Site Scripting XSS vulnerability in User's details that can result in denial of service and execution of javascript code...

5.4 CVSS, 5.5 AI score, 0.00785 EPSS
Exploits: 1, References: 1

NVD
added 2018/02/09 11:29 p.m., 31 views

CVE-2017-1000509

Dolibarr version 6.0.2 contains a Cross Site Scripting XSS vulnerability in Product details that can result in execution of javascript code...

5.4 CVSS, 5.3 AI score, 0.00921 EPSS
Exploits: 1, References: 1

Prion
added 2018/02/09 11:29 p.m., 14 views

Cross site scripting

Mautic version 2.11.0 and earlier contains a Cross Site Scripting XSS vulnerability in Company's name that can result in denial of service and execution of javascript code...

4.3 CVSS, 6.1 AI score, 0.01107 EPSS
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2018/02/09 11:29 p.m., 15 views

Cross site scripting

Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting XSS vulnerability in Page name that can result in execution of javascript code...

3.5 CVSS, 5.3 AI score, 0.00769 EPSS
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2018/02/09 11:29 p.m., 16 views

Cross site scripting

Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting XSS vulnerability in Client's details that can result in execution of javascript code. This vulnerability appears to have been fixed in 1.5.5 and later...

4.3 CVSS, 6.2 AI score, 0.01059 EPSS
Exploits: 0, References: 2, Affected Software: 1