890 matches found

Prion
added 2018/09/21 4:29 p.m. | 14 views

Cross site scripting

An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipulate a...

CVSS 4.3 | AI score 5.8 | EPSS 0.00675
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2018/09/21 4:29 p.m. | 12 views

CVE-2018-11352

The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting XSS vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an administrator visits the configuration page. The vulnerability can be...

CVSS 4 | AI score 4.2 | EPSS 0.00721
Exploits: 1 | References: 1

OSV
added 2018/09/21 4:29 p.m. | 12 views

CVE-2018-11352

The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting XSS vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an administrator visits the configuration page. The vulnerability can be...

CVSS 4 | AI score 5.7
Exploits: 0 | References: 1

Cvelist
added 2018/09/21 4:0 p.m. | 12 views

CVE-2018-11352

The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting XSS vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an administrator visits the configuration page. The vulnerability can be...

AI score 4.1 | EPSS 0.00721
Exploits: 1 | References: 1

RedhatCVE
added 2018/08/22 7:49 a.m. | 38 views

CVE-2018-1000225

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting XSS vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to...

CVSS 9.6 | AI score 4.2 | EPSS 0.01262
Exploits: 0 | References: 2

NVD
added 2018/08/20 8:29 p.m. | 20 views

CVE-2018-1000225

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting XSS vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to...

CVSS 6.1 | AI score 6.9 | EPSS 0.01262
Exploits: 0 | References: 2

Prion
added 2018/08/20 8:29 p.m. | 15 views

Cross site scripting

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting XSS vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to...

CVSS 4.3 | AI score 6.5 | EPSS 0.01262
Exploits: 0 | References: 2

UbuntuCve
added 2018/08/20 8:29 p.m. | 35 views

CVE-2018-1000225

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting XSS vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to...

CVSS 6.1 | AI score 6.8 | EPSS 0.01262
Exploits: 0 | References: 4

Prion
added 2018/07/07 5:29 p.m. | 8 views

Cross site scripting

script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting XSS vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could...

CVSS 4.3 | AI score 5.9 | EPSS 0.01208
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2018/07/07 5:0 p.m. | 11 views

CVE-2018-11351

script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Site Scripting XSS vulnerabilities. These are stored within the shared files description file and allow the execution of a JavaScript payload each time an administrator searches or lists uploaded files. These two injections could...

AI score 6 | EPSS 0.01208
Exploits: 1 | References: 1

CNVD
added 2018/06/20 12:0 a.m. | 3 views

ShopNx 1 Arbitrary File Upload Vulnerability

ShopNx 1 an Angular 5 single page application. ShopNx 1 suffers from an arbitrary file upload vulnerability that allows an attacker to upload a malicious html file or other file containing a JavaScript payload to steal user credentials...

AI score 7.2
Exploits: 0 | References: 1

NVD
added 2018/06/19 9:29 p.m. | 9 views

CVE-2018-12519

An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials...

CVSS 8.8 | AI score 8.5 | EPSS 0.07864
Exploits: 5 | References: 2

Prion
added 2018/06/19 9:29 p.m. | 14 views

Hardcoded credentials

An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials...

CVSS 4 | AI score 8.5 | EPSS 0.07864
Exploits: 5 | References: 2

Cvelist
added 2018/06/19 9:0 p.m. | 18 views

CVE-2018-12519

An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials...

AI score 8.6 | EPSS 0.07864
Exploits: 5 | References: 2

CVE
added 2018/06/19 9:0 p.m. | 57 views

CVE-2018-12519

Summary of CVE-2018-12519 : ShopNx (AngularJS/Node.js/MongoDB-based single-page shopping app) up to 2017-11-17 is vulnerable to an arbitrary file upload in the server-side application. The vulnerability allows a remote attacker to upload a malicious HTML file containing JavaScript payloads, enabl...

CVSS 8.8 | AI score 8.5 | EPSS 0.07864
Exploits: 5 | References: 2 | Affected Software: 1

Packet Storm
added 2018/05/22 12:0 a.m. | 24 views

Private Message PHP Script 2.0 Cross Site Scripting

Exploit Title: Private Message PHP Script 2.0 - Persistent Cross-Site scripting Date: 2018-05-20 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/private-message-php-script/21027192?srank=1 Version: 2.0 Tested on: Windows Description : Private Message PHP Script...

Exploits: 0

0day.today
added 2018/05/21 12:0 a.m. | 39 views

Private Message PHP Script 2.0 - Persistent Cross-Site scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Private Message PHP Script 2.0 - Persistent Cross-Site scripting Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/private-message-php-script/21027192?srank=1 Version: 2.0 Tested on: Windows...

Exploits: 0

The Hacker News
added 2018/05/12 6:45 a.m. | 2 views

Severe Bug Discovered in Signal Messaging App for Windows and Linux

Security researchers have discovered a severe vulnerability in the popular end-to-end encrypted Signal messaging app for Windows and Linux desktops which could allow remote attackers to execute malicious code on recipients system just by sending a message—without requiring any user interaction...

AI score 7.5
Exploits: 0

0day.today
added 2018/01/14 12:0 a.m. | 56 views

Zimbra Collaboration Suite Cross Site Scripting Vulnerability

Exploit for php platform in category web applications COMPASS SECURITY ADVISORY https://www.compass-security.com CVE ID : CVE-2017-8802 Product: Zimbra Collaboration Suite ZCS 1 Vendor: Synacor Inc. 2 Subject: Stored Cross-Site Scripting XSS Vulnerability Risk: High Effect: Exploitable by Anonymo...

CVSS 3.5 | AI score 5.9 | EPSS 0.01288
Exploits: 2

Hacker One
added 2017/11/10 11:6 p.m. | 9 views

RubyGems: [gem server] Stored XSS via crafted JavaScript URL inclusion in Gemspec

Hi, A JavaScript URL injection in the homepage field within a Gemspec file can be leveraged to achieve stored XSS on the default gem server web interface, referenced here. When you install RubyGems, it adds the gem server command to your system. This is the fastest way to start hosting gems. As...

AI score 6.6
Exploits: 0