Cross-site Scripting (XSS)
mayan-edms is vulnerable to cross-site scripting (XSS) attacks. The library does not properly escape tag labels, allowing a malicious user to inject and execute arbitrary JavaScript...
Cross-site Scripting (XSS)
exceljs is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the cells in the table, allowing a malicious user to inject and execute arbitrary JavaScript...
X (Formerly Twitter): HTTPS is not validating TLS mac codes
https://twitterflightschool.com is prone to POODLE and also a stronger variant of POODLE which allows a MITM attacker to actively decrypt bytes from an HTTPS request. This attack is possible because the device terminating this TLS connection responds differently to a bad record mac when the last...
QNAP Photo Station Cross-Site Scripting Vulnerability
QNAP Photo Station is a web-based photo album application from QNAP Systems that supports organizing and sharing photos and movies on a NAS over the Internet. A cross-site scripting vulnerability exists in QNAP Photo Station 5.7.0 and prior versions. A remote attacker can exploit the vulnerabilit...
CVE-2018-0715
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject JavaScript code in the compromised application...
PortSwigger Web Security: Browser Self XSS Protection not implemented
Hi, Self XSS Protection not used. An attacker can trick users to insert JavaScript in browser console. A Self-XSS scam usually works by promising to help you access somebody else's account. Instead, the scammer tricks you into gaining access to your account for fraud, spam and tricking more people...
Cross-Site Scripting (XSS)
Mort Bay Jetty is vulnerable to cross-site scripting (XSS). The server response from a directory listing request is not sanitized and allows an attacker to inject arbitrary JavaScript into a victim's browser via a semicolon (;) character...
Cross site scripting
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status - Active Client Table" page via the hostname field in a DHCP request...
CVE-2018-15874
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status - Active Client Table" page via the hostname field in a DHCP request...
CVE-2018-15875
Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request...
CVE-2018-15874
The connected CNVD entry describes a Cross-Site Scripting (XSS) vulnerability in D-Link DIR-615 routers using version 20.07, exploitable by injecting JavaScript into the Status → Active Client Table via the hostname field in DHCP requests. Affected component: the DHCP hostname handling on DIR-615...
Cross-site scripting vulnerability in multiple IBM products (CNVD-2018-24626)
IBM Rational Collaborative Lifecycle Management (CLM) is a set of collaborative lifecycle management solutions. Rational Quality Manager (RQM) is a set of collaborative, web-based quality management solutions. IBM Rational Collaborative Lifecycle Management CLM is a collaborative lifecycle management...
Cross-Site Scripting (XSS)
This is due to the unescaped quotes in dojox/Grid/DataGrid when editing rows, which would allow an attacker to inject arbitrary HTML and JavaScript into a victim's browser, making dojox vulnerable to cross-site scripting...
CVE-2018-10139
The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected...
IBM Rhapsody Model Manager Cross-Site Scripting Vulnerability
IBM Rhapsody Model Manager is a suite of collaborative design model management software from IBM. The software supports the use of centralized system repositories for storing, sharing, searching and managing design models, as well as automated software design reviews. A cross-site scripting...
IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2018-14693)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A cross-site...
WordPress Mondula Multi Step Form Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it supports setting up a personal blog site on PHP and MySQL servers. Mondula Multi Step Form is one of its drag-and-drop form builder plugins. A cross-site scripting...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2018-13986)
IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting vulnerability exists in IBM Sterling B...