
4739 matches found

RedhatCVE
added 2022/05/20 10:40 p.m. | 21 views

CVE-2020-26280

OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. OpenSlides version 3.2, due to insufficient user input validation and escaping, is vulnerable to persistent cross-site scripting (XSS). In the web applicatio...

8.9 CVSS | 2.4 AI score | 0.01104 EPSS
Exploits 0 | References 1
CNVD
added 2022/05/20 12:0 a.m. | 15 views

Erudika Para Cross-Site Scripting Vulnerability

Erudika Para is a command-line interface from the Bulgarian company Erudika. A cross-site scripting vulnerability exists in versions prior to Erudika Para v1.45.11, which stems from a function in Utils.java that lacks filtering and escaping for user data. An attacker could use this vulnerability to...

4.3 CVSS | 4.4 AI score | 0.00917 EPSS
Exploits 1 | Affected Software 1
CNVD
added 2022/05/20 12:0 a.m. | 17 views

Cisco UCS Director Cross-Site Scripting Vulnerability (CNVD-2022-68519)

Cisco UCS Director is a private cloud infrastructure-as-a-service (IaaS) heterogeneous platform from Cisco (U.S.). A cross-site scripting vulnerability exists in versions prior to Cisco UCS Director 6.6, which stems from a lack of data validation filtering of user-supplied data and output. An...

3.5 CVSS | 2.4 AI score | 0.00536 EPSS
Exploits 0 | Affected Software 1
CNVD
added 2022/05/18 12:0 a.m. | 20 views

Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2022-54340)

Cybozu Garoon is a portal-based OA office system from Cybozu Japan. A cross-site scripting vulnerability exists in Cybozu Garoon, which is caused by a failure to adequately clean user-supplied data in the scheduler. An attacker could exploit the vulnerability to execute JavaScript code on the...

4.8 CVSS | 2.5 AI score | 0.00485 EPSS
Exploits 0 | References 1
CNVD
added 2022/05/18 12:0 a.m. | 31 views

WordPress BulletProof Securitys plugin Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. WordPress BulletProof Securitys plugin versions prior to 6.1 have a cross-site scripting vulnerability that...

4.8 CVSS | 1.1 AI score | 0.00565 EPSS
Exploits 1 | References 1
CNVD
added 2022/05/18 12:0 a.m. | 14 views

Atmail Cross-Site Scripting Vulnerability (CNVD-2022-66695)

Atmail is an email hosting service from Atmail. Atmail version 6.5.0 contains a cross-site scripting vulnerability that originates from an incorrect parameter in index.php/admin/index/ and can be exploited to execute JavaScript code...

4.3 CVSS | 3.3 AI score | 0.0395 EPSS
Exploits 0 | Affected Software 1
CNVD
added 2022/05/18 12:0 a.m. | 26 views

GNUBOARD5 Cross-Site Scripting Vulnerability (CNVD-2022-70083)

GNUBOARD5 is a PHP and MySQL-based Web forum system. GNUBOARD5 versions 5.55 and 5.56 are vulnerable to a cross-site scripting vulnerability, which originates in bbs/memberconfirm.php and lacks a data validation filter for user-supplied data and output. An attacker could exploit this vulnerabilit...

4.3 CVSS | 3.4 AI score | 0.0067 EPSS
Exploits 1 | Affected Software 1
OSV
added 2022/05/17 3:25 a.m. | 26 views

GHSA-92MR-V722-F48M Improper Input Validation in Jupyter Notebook

The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types...

9.8 CVSS | 6.9 AI score | 0.01685 EPSS
Exploits 0 | References 11
OSV
added 2022/05/17 12:23 a.m. | 8 views

GHSA-V3H2-4J2R-WQJ8 Ignite Realtime Openfire Server has Cross-site Scripting vulnerability in admin console

The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...

4.8 CVSS | 5.6 AI score | 0.00728 EPSS
Exploits 0 | References 3
OSV
added 2022/05/17 12:20 a.m. | 15 views

GHSA-7WFQ-WMX2-3WR4 Withdrawn Advisory: Home Assistant Frontend XSS Vulnerability

Withdrawn Advisory: This advisory has been withdrawn because we cannot confirm home-assistant-frontend is or was ever published to npm. Original Description: In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...

6.1 CVSS | 6.2 AI score | 0.00772 EPSS
Exploits 0 | References 3
Prion
added 2022/05/16 6:15 p.m. | 13 views

Cross site scripting

The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code...

4.3 CVSS | 6.6 AI score | 0.00817 EPSS
Exploits 0 | References 2 | Affected Software 16
CVE
added 2022/05/16 5:13 p.m. | 86 views

CVE-2021-27442

The CVE-2021-27442 entry describes a cross-site scripting vulnerability in Weintek EasyWeb cMT (Weintek cMT product line). The issue is triggered in cross-site scripting during web page generation, allowing an unauthenticated remote attacker to inject JavaScript. Affected products include cMT mod...

9.4 CVSS | 6.7 AI score | 0.00817 EPSS
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2022/05/16 5:13 p.m. | 4 views

CVE-2021-27442 Weintek EasyWeb cMT Cross-site Scripting

The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code...

9.4 CVSS | 6.3 AI score | 0.00817 EPSS
Exploits 0 | References 2
Cvelist
added 2022/05/16 5:13 p.m. | 11 views

CVE-2021-27442 Weintek EasyWeb cMT Cross-site Scripting

The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code...

9.4 CVSS | 8.9 AI score | 0.00817 EPSS
Exploits 0 | References 2
CNVD
added 2022/05/16 12:0 a.m. | 17 views

InHand Networks InRouter302 Cross-Site Scripting Vulnerability

InHand Networks InRouter Series is a series of routers from InHand Networks, U.S.A. A cross-site scripting vulnerability exists in InHand Networks InRouter302 V3.5.4, which can be exploited by attackers to cause arbitrary Javascript code...

6.1 CVSS | 3.1 AI score | 0.01362 EPSS
Exploits 1 | References 1
OSV
added 2022/05/14 3:49 a.m. | 15 views

GHSA-H7VH-6GMM-G7H9 Stored XSS in LavaLite 5.2.4

LavaLite version 5.2.4 is vulnerable to a stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of JavaScript code...

5.4 CVSS | 5.2 AI score | 0.00734 EPSS
Exploits 0 | References 2
Github Security Blog
added 2022/05/14 3:49 a.m. | 21 views

Stored XSS in LavaLite 5.2.4

LavaLite version 5.2.4 is vulnerable to a stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of JavaScript code...

5.4 CVSS | 6.3 AI score | 0.00734 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2022/05/14 3:41 a.m. | 7 views

GHSA-94HC-7QC9-34RF Canvs Canvas XSS Vulnerability

Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XSS) vulnerability in User's details that can result in denial of service and execution of JavaScript code...

5.4 CVSS | 5.5 AI score | 0.00798 EPSS
Exploits 1 | References 3
Github Security Blog
added 2022/05/14 3:41 a.m. | 19 views

Dolibarr ERP and CRM contain XSS Vulnerability

Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of JavaScript code. The maintainers state that the issue is fixed in version 7.0.0...

5.4 CVSS | 5.2 AI score | 0.00935 EPSS
Exploits 1 | References 4 | Affected Software 1
Github Security Blog
added 2022/05/14 3:41 a.m. | 11 views

Cross site scripting in Croogo

Croogo versions before 4.x contain a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of JavaScript code...

5.4 CVSS | 5.3 AI score | 0.00781 EPSS
Exploits 1 | References 3 | Affected Software 1