CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4739 matches found

CNVD•added 2022/06/27 12:0 a.m.•28 views

74cms Cross-Site Scripting Vulnerability (CNVD-2022-58894)

74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology Co. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability, which originates from the lack of user-supplied data and output data validation filtering in /index/notice/show. An attacker could exploit...

4.3CVSS3.3AI score0.00568EPSS

Exploits1Affected Software1

CNVD•added 2022/06/27 12:0 a.m.•37 views

74cms cross-site scripting vulnerability (CNVD-2022-58888)

74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology Company. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability that originates from the path /company/account/safety/trade lack of data validation filtering of user-supplied data and output. An...

4.3CVSS3.3AI score0.00568EPSS

Exploits1Affected Software1

CNVD•added 2022/06/27 12:0 a.m.•22 views

74cms cross-site scripting vulnerability (CNVD-2022-58889)

74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability that originates from the path /company/downresume/total/nature lack of data validation filtering of user-supplied data and output. An attacker...

4.3CVSS3.2AI score0.00568EPSS

Exploits1Affected Software1

CNVD•added 2022/06/27 12:0 a.m.•26 views

Jenkins Cross-Site Scripting Vulnerability (CNVD-2022-65922)

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins suffers from a cross-site scripting vulnerability that stems from the title attribute and alt attribute not being...

4.3CVSS2.2AI score0.01243EPSS

Exploits0Affected Software2

CNVD•added 2022/06/27 12:0 a.m.•22 views

Jenkins Cross-Site Scripting Vulnerability (CNVD-2022-65924)

Jenkins is an application of the Jenkins open source. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins suffers from a cross-site scripting vulnerability that stems from the fact that the help icon does not...

4.3CVSS1.8AI score0.01243EPSS

Exploits0Affected Software2

CNVD•added 2022/06/27 12:0 a.m.•19 views

PMB Cross-Site Scripting Vulnerability

PMB is a 100% free reference tool for document management from the PMB Services team. A cross-site scripting vulnerability exists in PMB version 7.3.10, which stems from missing filtering and escaping of the id parameter in index.php. An attacker could exploit this vulnerability to execute...

4.3CVSS3.5AI score0.01785EPSS

Exploits1Affected Software1

CNVD•added 2022/06/27 12:0 a.m.•28 views

74cms Cross-Site Scripting Vulnerability (CNVD-2022-58890)

74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology Company. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability, which originates from the path /company/service/increment/add/im missing data validation filters for user-supplied data and output. A...

4.3CVSS3.4AI score0.00568EPSS

Exploits1Affected Software1

CNVD•added 2022/06/27 12:0 a.m.•33 views

74cms Cross-Site Scripting Vulnerability (CNVD-2022-58893)

74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology Company. 74cms version v3.5.1 contains a cross-site scripting vulnerability, which originates from the path /index/jobfairol/show/ lack of data validation filtering for user-supplied data and output. An attacker...

4.3CVSS3.3AI score0.00568EPSS

Exploits1Affected Software1

CNVD•added 2022/06/24 12:0 a.m.•32 views

Jenkins Image Tag Parameter Plugin Cross-Site Scripting Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. cross-site scripting vulnerability exists in Jenkins Image Tag Parameter Plug...

3.5CVSS1.6AI score0.00553EPSS

Exploits0Affected Software1

CNVD•added 2022/06/24 12:0 a.m.•34 views

Jenkins Stash Branch Parameter Plugin跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exis...

5.4CVSS1.9AI score0.00653EPSS

Exploits0References1

CNVD•added 2022/06/24 12:0 a.m.•14 views

Zoo Management System Cross-Site Scripting Vulnerability

Zoo Management System is a zoo management system. version 1.0 of Zoo Management System is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability to execute JavaScript cod...

4.3CVSS4AI score0.00783EPSS

Exploits3Affected Software1

CNVD•added 2022/06/23 12:0 a.m.•20 views

Unioncms Cross-Site Scripting Vulnerability

Unioncms is a content management system of China Union Capital Network Technology Unioncms Company. Unioncms v1.0.13 version of a cross-site scripting vulnerability, an attacker can exploit the vulnerability in the client to execute JavaScript code...

5.4CVSS5.3AI score0.00372EPSS

Exploits1References1

CNVD•added 2022/06/23 12:0 a.m.•28 views

Contec SolarView Compact Cross-Site Scripting Vulnerability (CNVD-2022-61892)

Contec SolarView Compact is an application from Contec Japan, Inc. Contec SolarView Compact v6.0 contains a cross-site scripting vulnerability that originates in the component SolarAiConf.php, which lacks a data validation filter for user-supplied data and output. An attacker could exploit this...

6.1CVSS3.1AI score0.04248EPSS

Exploits1References1

The Hacker News•added 2022/06/22 10:8 a.m.•27 views

Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign

A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021. To that end, it has come to light that two malware domains identified as hosting credit card skimmer code — "scanalytic.org" and "js.staticounter.net" — are part of a...

7.1AI score

Exploits0

CNVD•added 2022/06/22 12:0 a.m.•18 views

Mautic Cross-Site Scripting Vulnerability

Mautic is a marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. A cross-site scripting vulnerability exists in Mautic versions prior to 4.3.0, which can be exploited by an attacker to execute JavaScript code on the client side...

9.6CVSS6.1AI score0.6118EPSS

Exploits0References1

CNVD•added 2022/06/22 12:0 a.m.•23 views

Microweber Cross-Site Scripting Vulnerability

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A cross-site scripting vulnerability exists in Microweber versions prior to 1.2.17, whic...

6.5CVSS6AI score0.02907EPSS

Exploits1References1

CNVD•added 2022/06/21 12:0 a.m.•16 views

InvenTree Cross-Site Scripting Vulnerability

InvenTree is an open source inventory management system from InvenTree Open Source. Provides powerful low-level inventory control and parts tracking . A cross-site scripting vulnerability exists in InvenTree versions prior to 0.7.2, which stems from the application's lack of filtering and escapin...

8.4CVSS5.2AI score0.00734EPSS

Exploits1References1

CNVD•added 2022/06/21 12:0 a.m.•21 views

Trendnet IP-110wn prefix parameter cross-site scripting vulnerability

Trendnet IP-110wn is a wireless network camera from Trendnet. A cross-site scripting vulnerability exists in the Trendnet IP-110wn camera fwtv-ip110wnv2 1.2.2.68 version, which stems from a lack of checksum filtering of user-supplied and output data in the prefix parameter in /admin/general.cgi. ...

6.1CVSS6AI score0.00655EPSS

Exploits1References1

CNVD•added 2022/06/20 12:0 a.m.•19 views

Online Fire Reporting System跨站脚本漏洞

Online Fire Reporting System is an online fire reporting system from Carlo Montero's personal developer. Online Fire Reporting System v1.0 is vulnerable to a cross-site scripting vulnerability that originates in /ofrs/classes/Master.php due to a lack of data validation of user-supplied The...

4.8CVSS3.1AI score0.00466EPSS

Exploits1References1

CNVD•added 2022/06/17 12:0 a.m.•20 views

WordPress Hotel Booking plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Hotel Booking plugin 3.0 and earlier versions contain a cross-site scripting vulnerability. An...

5.4CVSS1.4AI score0.00482EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by