CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5938 matches found

Prion•added 2018/12/31 2:29 p.m.•15 views

Remote code execution

Apache NetBeans incubating 9.0 NetBeans Proxy Auto-Configuration PAC interpretation is vulnerable for remote command execution RCE. Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent...

7.5CVSS9.7AI score0.07755EPSS

Exploits0References2Affected Software1

Friends Of PHP•added 2018/12/29 8:39 p.m.•39 views

XSS vulnerability with unsafe link protocols

An XSS vulnerability CVE-2018-20583 has been identified in the following versions of this library: 0.15.6 0.15.7 0.16.0 0.17.0 0.17.1 0.17.2 0.17.3 0.17.4 0.17.5 0.18.0 It allows unsafe URLs to be added to links. The issue has been fixed in version 0.18.1. All users should upgrade to version 0.18...

6.1CVSS6AI score0.01597EPSS

Exploits1Affected Software1

CNVD•added 2018/12/27 12:0 a.m.•2 views

MetInfo Cross-Site Scripting Vulnerability (CNVD-2019-03299)

MetInfo is a content management system CMS developed using PHP and Mysql by China Mito Information Technology Ltd. A cross-site scripting vulnerability exists in MetInfo versions 6.x to 6.1.3, which can be exploited by remote attackers to execute JavaScript code by sending the 'urlarray' paramete...

6.1CVSS6.6AI score0.00665EPSS

Exploits1References1

Veeam•added 2018/12/24 12:0 a.m.•10 views

Veeam Explorer for Microsoft Exchange Javascript Execution Vulnerability

Challenge The vulnerability allows execution of arbitrary code in emails containing inline Javascript. NOTE: This has been corrected in Veeam Backup for MIcrosoft Office 365 version 3 and Veeam Backup & Replication version U4a. Cause The affected component is Veeam Explorer for Microsoft Exchange...

7.1AI score

Exploits0

CNVD•added 2018/12/24 12:0 a.m.•2 views

LimeSurvey cross-site scripting vulnerability (CNVD-2018-26471)

LimeSurvey formerly known as PHPSurveyor is a set of open source online survey program developed by the LimeSurvey team, which supports survey program development, questionnaire distribution and data collection. A cross-site scripting vulnerability exists in LimeSurvey. A remote attacker can...

6.1CVSS6.5AI score0.01114EPSS

Exploits0References1

OSV•added 2018/12/21 11:29 p.m.•15 views

CVE-2018-20322

LimeSurvey version 3.15.5 contains a Cross-site scripting XSS vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. Fixed in version 3.15.6...

6.1CVSS6.4AI score

Exploits0References2

CVE•added 2018/12/21 10:0 p.m.•45 views

CVE-2018-20322

LimeSurvey 3.15.5 contains a cross-site scripting (XSS) vulnerability in the Survey Resource ZIP upload, allowing potentially executable JavaScript against LimeSurvey administrators. The issue is caused by insufficient input sanitization during ZIP upload of survey resources. The vulnerability is...

6.1CVSS6.3AI score0.01114EPSS

Exploits0References2Affected Software1

Tenable Nessus•added 2018/12/21 12:0 a.m.•25 views

Foxit PhantomPDF < 7.3.13 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 7.3.13. It is, therefore, affected by multiple vulnerabilities: - Unauthorized javascript execution when disabled. - Arbitrary Write supporting remote code...

5.9AI score

Exploits0References1

OSV•added 2018/12/20 10:1 p.m.•12 views

GHSA-J5RJ-G695-342R Fat Free CRM vulnerable to Cross-site Scripting

FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, and ==0.18.0 contains a Cross Site Scripting XSS vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appears to be exploitable via Content with Javascript payload will be executed...

6.1CVSS6.1AI score0.01687EPSS

Exploits0References7

Github Security Blog•added 2018/12/20 10:1 p.m.•36 views

Fat Free CRM vulnerable to Cross-site Scripting

6.1CVSS6AI score0.01687EPSS

Exploits0References7Affected Software1

Prion•added 2018/12/20 5:29 p.m.•11 views

Cross site scripting

WeBid version up to current version 1.2.2 contains a Cross Site Scripting XSS vulnerability in userlogin.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must clic...

4.3CVSS6.3AI score0.0163EPSS

Exploits1References3Affected Software1

NVD•added 2018/12/20 5:29 p.m.•13 views

CVE-2018-1000868

6.1CVSS6.3AI score0.0163EPSS

Exploits1References3

OSV•added 2018/12/20 5:29 p.m.•16 views

CVE-2018-1000868

6.1CVSS6.3AI score

Exploits0References3

Cvelist•added 2018/12/20 5:0 p.m.•13 views

CVE-2018-1000868

6.3AI score0.0163EPSS

Exploits1References3

NVD•added 2018/12/20 3:29 p.m.•9 views

CVE-2018-1000842

FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, ==0.18.0 contains a Cross Site Scripting XSS vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appear to be exploitable via Content with Javascript payload will be executed on e...

6.1CVSS6.2AI score0.01687EPSS

Exploits0References4

OSV•added 2018/12/20 3:29 p.m.•14 views

CVE-2018-1000842

6.1CVSS6.2AI score

Exploits0References4

Prion•added 2018/12/20 3:29 p.m.•18 views

Improper access control

Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript in contentsettingsobserver.cc that can result in Websites can run inline JavaScript even if script is blocked, making attackers easier to track user...

4.3CVSS4.8AI score0.01123EPSS

Exploits0References3Affected Software1

Prion•added 2018/12/20 3:29 p.m.•19 views

Cross site scripting

4.3CVSS6.1AI score0.01687EPSS

Exploits0References4Affected Software1

Cvelist•added 2018/12/20 3:0 p.m.•13 views

CVE-2018-1000813

Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting XSS vulnerability in Sanitization of custom class names used on blocks and layouts. that can result in Execution of JavaScript from an unexpected source.. This attack appear to be exploitable via A user must be directed to an...

5.1AI score0.00741EPSS

Exploits0References1

CNVD•added 2018/12/17 12:0 a.m.•2 views

Pixars Tractor Cross-Site Scripting Vulnerability

Pixars Tractor is a web rendering solution. The product includes features such as resource sharing controls, Python module extensions, and more. A cross-site scripting vulnerability exists in Pixars Tractor 2.2 and prior versions, which can be exploited by remote attackers to inject and execute...

5.4CVSS6.7AI score0.00786EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by