CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3107 matches found

CVE•added 2025/02/06 7:27 p.m.•54 views

CVE-2024-52892

IBM Jazz for Service Management versions 1.1.3–1.1.3.23 are affected by CVE-2024-52892 due to a cross-site scripting vulnerability in the Web UI (via the searchWord parameter on the static help page). The vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript, potentially ...

6.1CVSS6.1AI score0.0071EPSS

Exploits0References1Affected Software1

NVD•added 2025/02/06 6:15 p.m.•7 views

CVE-2025-24981

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. In affected versions unsafe parsing logic of the URL from markdown can lead to arbitrary JavaScript code due to a bypass to the existing guards around the javascript: protocol scheme in the URL. Th...

9.3CVSS0.00043EPSS

Exploits0References3

CNVD•added 2025/02/06 12:0 a.m.•6 views

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2025-02824)

IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...

6.4CVSS6.1AI score0.00129EPSS

Exploits0References1

CNVD•added 2025/02/06 12:0 a.m.•8 views

IBM Maximo Application Suite Cross-Site Scripting Vulnerability (CNVD-2025-02820)

IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Maximo Application Suite version 9.0.0. The...

6.1CVSS6.2AI score0.00242EPSS

Exploits0References1

Cvelist•added 2025/02/05 11:35 p.m.•16 views

CVE-2024-49793 IBM ApplinX Cross-Site Scripting

IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS0.00124EPSS

Exploits0References1

Vulnrichment•added 2025/02/05 11:33 p.m.•9 views

CVE-2024-49792 IBM ApplinX Cross-Site Scripting

5.4CVSS5.2AI score0.00135EPSS

Exploits0References1

Cvelist•added 2025/02/05 11:26 p.m.•11 views

CVE-2024-49791 IBM ApplinX Cross-Site Scripting

6.4CVSS0.00135EPSS

Exploits0References1

Vulnrichment•added 2025/02/05 11:26 p.m.•6 views

CVE-2024-49791 IBM ApplinX Cross-Site Scripting

6.4CVSS6AI score0.00135EPSS

Exploits0References1

RedhatCVE•added 2025/02/05 10:52 p.m.•7 views

CVE-2022-1571

Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user'cookie, perform HTTP request, get content of same origin page, etc...

9.9CVSS6.5AI score0.00322EPSS

Exploits1References1

Cvelist•added 2025/02/05 10:43 p.m.•12 views

CVE-2024-38317 IBM Aspera Shares Cross-Site Scripting

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

4.8CVSS0.00127EPSS

Exploits0References1

Vulnrichment•added 2025/02/05 10:43 p.m.•14 views

CVE-2024-38317 IBM Aspera Shares Cross-Site Scripting

4.8CVSS6.3AI score0.00127EPSS

Exploits0References1

RedhatCVE•added 2025/02/05 1:6 p.m.•5 views

CVE-2024-25648

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. A...

8.8CVSS7.3AI score0.02641EPSS

Exploits1References1

CVE•added 2025/02/05 11:28 a.m.•54 views

CVE-2024-52365

CVE-2024-52365 affects IBM Cloud Pak for Business Automation (versions 18.0.0 through 22.0.2). Description confirms a stored cross-site scripting vulnerability that could allow authenticated users to embed arbitrary JavaScript in the Web UI, potentially disclosing credentials within a trusted ses...

6.4CVSS6.1AI score0.00151EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/02/05 11:28 a.m.•9 views

CVE-2024-52365 IBM Cloud Pak for Business Automation cross-site scripting

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thu...

6.4CVSS6AI score0.00151EPSS

Exploits0References1

Cvelist•added 2025/02/05 11:22 a.m.•15 views

CVE-2024-52364 IBM Cloud Pak for Business Automation cross-site scripting

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus...

5.4CVSS0.00518EPSS

Exploits0References1

Vulnrichment•added 2025/02/05 11:22 a.m.•10 views

CVE-2024-52364 IBM Cloud Pak for Business Automation cross-site scripting

5.4CVSS5.3AI score0.00518EPSS

Exploits0References1

RedhatCVE•added 2025/02/05 1:0 a.m.•5 views

CVE-2024-28798

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

7.2CVSS5.9AI score0.00296EPSS

Exploits0References1

RedhatCVE•added 2025/02/05 12:54 a.m.•4 views

CVE-2024-37166

ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting XSS vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version 2.0.0 contains updated...

8.9CVSS5.4AI score0.00213EPSS

Exploits0

NVD•added 2025/02/04 9:15 p.m.•4 views

CVE-2024-40700

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

6.1CVSS0.0011EPSS

Exploits0References1

Cvelist•added 2025/02/04 8:36 p.m.•6 views

CVE-2024-40700 IBM Security Verify Access cross-site scripting

6.1CVSS0.0011EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by