Atlassian JIRA Server Cross-Site Scripting Vulnerability (CNVD-2018-18120)
Atlassian JIRA Server is a defect tracking management system from Atlassian Australia. The system is mainly used to track and manage all kinds of problems and defects in the work. A cross-site scripting vulnerability exists in the IncomingMailServers resource in Atlassian JIRA Server. A remote...
CVE-2017-17541
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows injection of JavaScript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature...
CVE-2018-5229
The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names...
macOS/iOS - JavaScript Injection Bug in OfficeImporter
QuickLook is a widely used feature in macOS/iOS which allows you to preview various formats such as pdf, docx, pptx, etc. The way it shows office files is quite interesting. First it parses the office file and converts it to HTML code using OfficeImport and renders it using WebKit. The...
macOS/iOS - JavaScript Injection Bug in OfficeImporter
QuickLook is a widely used feature in macOS/iOS which allows you to preview various formats such as pdf, docx, pptx, etc. The way it shows office files is quite interesting. First it parses the office file and converts it to HTML code...
macOS / iOS - JavaScript Injection Bug in OfficeImporter Exploit
Exploit for multiple platform in category dos / poc. QuickLook is a widely used feature in macOS/iOS which allows you to preview various formats such as pdf, docx, pptx, etc. The way it shows office files is quite interesting. First it parses the office file and converts it to HTML code usi...
Shopify: Preview bar: Incomplete message origin validation results in XSS
The JavaScript code at https://cdn.shopify.com/s/assets/storefront/bars/previewbarinjector-73a4756a265c637c998799750759ae548e7f68b136e8e93e83132904afc3d30d.js loaded by the shop front when a theme is previewed installs a message event listener. The following check is used to reject invalid event...
IBM Rational Team Concert Cross-Site Scripting Vulnerability (CNVD-2018-23254)
IBM Rational Team Concert (RTC) is a Jazz-based solution from IBM USA that supports real-time collaboration for decentralized teams in software lifecycle management. A cross-site scripting vulnerability exists in IBM RTC versions 5.0 through 5.0.2 and 6.0 through 6.0.5. A...
IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2018-23251)
IBM Rational Quality Manager is the collaborative center for business-driven software and system quality across virtually any platform and any type of test. The software helps teams seamlessly share information, use automation to accelerate projects, and report metrics for targeted release...
Fortinet FortiAnalyzer Cross-Site Scripting Vulnerability (CNVD-2018-13761)
Fortinet FortiManager and FortiAnalyzer are both products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution. A cross-site scripting vulnerability exists in Fortinet FortiManager version...
IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2018-23248)
IBM Rational Quality Manager is the collaborative center for business-driven software and system quality across virtually any platform and any type of test. The software helps teams seamlessly share information, use automation to accelerate projects, and report metrics for targeted release...
Pornhub: Stored XSS on the https://www.redtube.com/users/[profile]/collections
Researcher successfully closed the image 'alt' attribute and injected javascript by submitting an XSS payload as the collection title. This led to stored cross-site scripting on the user's collections page, executed against any users who visited the user's collections. The user's favorites page w...
Stored Cross-site Scripting Vulnerabilities in Qingdao Easoft Tianchuang Ranzhi Collaboration Management System (QDTMS)
Ranzhi Collaboration Management System is an enterprise coworking system. A stored cross-site scripting vulnerability exists in several places in Ranzhi Collaboration Management System. Attackers can insert malicious JavaScript code in the page to get user cookies and other information, resulting in user...
IBM FileNet Content Manager Cross-Site Scripting Vulnerability (CNVD-2018-13447)
IBM FileNet Content Manager is a content management solution for the FileNet P8 platform from IBM USA. The solution combines document management with ready-to-use workflow tools to manage images, video, Web content, compliance documents, and more. A cross-site scripting vulnerability exists in IB...
Jirafeau cross-site scripting vulnerability (CNVD-2018-13451)
Jirafeau is a file sharing website system. A cross-site scripting vulnerability exists in the search file by name form in Jirafeau versions prior to 3.4.1. A remote attacker can exploit this vulnerability to inject JavaScript and manipulate the user session...
IBM Planning Analytics Cross-Site Scripting Vulnerability
IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A cross-site scripting vulnerability exists in IBM Planning Analytics versions 2.0.0 through 2.0.4...
IBM RQM/RCLM Cross-Site Scripting Vulnerability (CNVD-2018-12635)
IBM Rational Quality Manager is a Web-based collaborative quality management solution. IBM Rational Collaborative Lifecycle Management is an application lifecycle management solution. A cross-site scripting vulnerability exists in the implementation of IBM Rational Quality Manager and IBM Rational...
PAN-OS cross-site scripting vulnerability (CNVD-2018-13464)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A cross-site scripting vulnerability exists in the PAN-OS session browser in Palo Alto Networks PAN-OS. An attacker could exploit this vulnerability to inject arbitrary JavaScript...
PAN-OS cross-site scripting vulnerability (CNVD-2018-13468)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A cross-site scripting vulnerability exists in the PAN-OS Web interface administration page in Palo Alto Networks PAN-OS. An attacker could exploit this vulnerability to inject...
CVE-2018-9337
The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML...