Cross site scripting
The Chain Sea ai chatbot backend improperly filters special characters in URL parameters, which allows an unauthenticated remote attacker to inject JavaScript and perform a reflected cross-site scripting (XSS) attack...
Chain Sea Ai Chatbot System Cross-Site Scripting Vulnerability
Chain Sea Ai Chatbot System is an intelligent human customer service software from Chain Sea, China. Chain Sea Ai Chatbot System has a cross-site scripting vulnerability, which is caused by the product not filtering special characters in URL parameters and can be exploited for JS...
UiPath Assistant Injection Vulnerability
UiPath Assistant is a specialized tool for UiPath designed to make it easy and fun for users to interact with bots from the desktop. UiPath Assistant 21.4.4 suffers from a security vulnerability that stems from user-controlled data provided to the --process-start parameter of the uipath-assistant://...
Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2021-99662)
Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A cross-site scripting vulnerability exists,...
Malicious Package
Overview: discordjs-lofy is a malicious package. This package injects malicious JavaScript code into the Discord client. Remediation: Avoid using all malicious instances of the discordjs-lofy package...
Cross-Site Scripting (XSS)
kevinpapst/kimai2 is vulnerable to cross-site scripting. The vulnerability exists in the commentContent function of MarkdownExtension.php because the markdown doesn't use safe mode, which allows an attacker to inject and execute arbitrary JavaScript...
Cross-site Scripting (XSS)
kevinpapst/kimai2 is vulnerable to cross-site scripting. An attacker can inject and execute malicious JavaScript through the project, customer, and activity attributes in the setEntries function of KimaiRecentActivities.js, as it does not properly escape the user inputs...
IBM Cognos Analytics Cross-Site Scripting Vulnerability
IBM Cognos Analytics is a business intelligence software from IBM Corporation. The software includes reports, dashboards and scorecards, and can assist companies in adjusting their decisions by analyzing content such as key factors and key people. IBM Cognos Analytics has a security vulnerability...
Cross Site Scripting (XSS)
@backstage/plugin-auth-backend is vulnerable to Cross Site Scripting. The vulnerability exists in makeCreateEnv of index.ts because the code doesn't enable authorization, which allows an attacker to inject and execute arbitrary JavaScript...
CVE-2021-42119 Stored XSS in Search Function in TopEase
Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then...
CVE-2021-36332
Dell EMC CloudLink 7.1 and all prior versions contain an HTML and JavaScript Injection Vulnerability. A remote low-privileged attacker may potentially exploit this vulnerability, directing end users to arbitrary and potentially malicious websites...
CVE-2021-36332
CVE-2021-36332 affects Dell EMC CloudLink 7.1 and earlier. The issue is an HTML/JavaScript injection (input validation) vulnerability that could be exploited remotely by a low-privilege attacker to redirect end users to arbitrary or malicious websites. Multiple connected sources corroborate the vu...
Cross-site Scripting (XSS)
plupload is vulnerable to cross-site scripting. An attacker can inject and execute malicious JavaScript through the file.name field, as it does not properly encode the user-supplied file name...
Cross-Site Scripting (XSS)
ckeditor4 is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of HTML in the Advanced Content Filter (ACF) module, which allows an attacker to inject maliciously crafted HTML containing JavaScript code...
CVE-2021-42838
The book search field parameter of Grand Vice info Co. webopac7 does not properly restrict the input of special characters, so unauthenticated attackers can remotely inject JavaScript and perform reflected XSS attacks...
Cross site scripting
The book search field parameter of Grand Vice info Co. webopac7 does not properly restrict the input of special characters, so unauthenticated attackers can remotely inject JavaScript and perform reflected XSS attacks...
PHP Laravel 8.70.1 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: PHP Laravel 8.70.1 - Cross Site Scripting XSS to Cross Site Request Forgery CSRF Date: 14/11/2021 Exploit Author: Hosein Vita Vendor Homepage: https://laravel.com/ Software Link: https://laravel.com/docs/4.2 Version: Laravel Framework 8.70.1 Tested on: Windows/Linux Description: We...
XinXueYing Info webopac7 Cross-Site Scripting Vulnerability
XinXueYing Info Webopac7 is an online public access catalog from XinXueYing Info, China. It lets users access library services over the Internet. A cross-site scripting vulnerability exists in XinXueYing Info webopac7, which originates from a book search field parameter that does not...