Lucene search
K

3251 matches found

CNVD
CNVD
added 2015/08/22 12:0 a.m.2 views

Drupal Ctools Module Cross-Site Scripting Vulnerability

Drupal is a free and open source content management system developed in PHP. ctools is one of the API modules used to improve the development experience. A cross-site scripting vulnerability exists in the Drupal Ctools module, which allows remote attackers to exploit the vulnerability to inject...

6AI score
Exploits0References1
Openbugbounty
Openbugbounty
added 2015/07/14 5:19 p.m.11 views

epigraf.su XSS vulnerability

Vulnerable URL: http://epigraf.su/search?a=0=%3Cscript%3Ealert%28%2FXSSPOSED%2F%29%3B%3C%2Fscript%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1931551 Google Pagerank| 1 VIP...

6.3AI score
Exploits0
CNVD
CNVD
added 2015/07/02 12:0 a.m.2 views

IBM Security Network Protection Cross-Site Scripting Vulnerability

IBM Security Network Protection is a next-generation network intrusion prevention system. The system monitors application usage, website access and operation execution within the network to avoid attacks from malware, botnets and other threats. IBM Security Network Protection suffers from a...

6.1CVSS6AI score0.01165EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2015/06/30 12:0 a.m.35 views

(0Day) SolarWinds Storage Manager AuthenticationFilter Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthenticationFilter class. The issue lies in the ability to subvert th...

10CVSS7.4AI score0.93162EPSS
Exploits1References3
0day.today
0day.today
added 2015/06/13 12:0 a.m.40 views

Opsview <= 4.6.2 - Multiple XSS Vulnerabilities

Exploit for php platform in category web applications Exploit title: Opsview 4.6.2 - Multiple XSS Date: 07-06-2015 Vendor homepage: www.opsview.com Version: 4.6.2 CVE: CVE-2015-4420 Author: Dolev Farhi @dolevf Tested On: Kali Linux + Windows 7 Details: -------- Opsview is a monitoring system base...

7.1AI score0.01565EPSS
Exploits4
CNVD
CNVD
added 2015/05/20 12:0 a.m.5 views

Multiple Scripting Cross-Site Scripting Vulnerabilities in concrete5

Concrete5 is an open source content management software. Multiple Concrete5 scripts fail to properly filter user-submitted input, allowing remote attackers to exploit vulnerabilities to inject malicious scripts or HTML code that can capture sensitive information or hijack user sessions when...

4.3CVSS7AI score0.02111EPSS
Exploits2References1
Patchstack
Patchstack
added 2015/05/15 12:0 a.m.8 views

WordPress Get Off Malicious Scripts Plugin <= 4.15.17 - Reflected XSS

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

2AI score
Exploits0References1Affected Software1
CNVD
CNVD
added 2015/05/11 12:0 a.m.2 views

AlienVault OSSIM NBE import hostname/IP cross-site scripting vulnerability

AlienVault OSSIM or Open Source Security Information Management is a popular open source security management system. AlienVault OSSIM handles NBE imported hostname/ip with a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious scripts or...

5.9AI score
Exploits0References1
CNVD
CNVD
added 2015/05/03 12:0 a.m.3 views

Multiple Cross-Site Scripting Vulnerabilities in Cisco Finesse Server

Cisco Finesse Server is an agent and management desktop developed by Cisco. Cisco Finesse Server has multiple cross-site scripting vulnerabilities that can be exploited by remote attackers to inject malicious script or HTML code that can be used to gain access to sensitive information or hijack...

4.3CVSS6.7AI score0.0136EPSS
Exploits0References1
Openbugbounty
Openbugbounty
added 2015/04/13 12:17 a.m.16 views

shop.megaheinz.com XSS vulnerability

Open Bug Bounty ID: OBB-58133 Description| Value ---|--- Affected Website:| shop.megaheinz.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...

6.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/02/27 6:57 a.m.2 views

Cross-site Scripting Vulnerability in Hitachi IT Operations Analyzer

Overview A cross-site scripting vulnerability was found in the online help of Hitachi IT Operations Analyzer. Impact Remote users can exploit a cross-site scripting vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasur...

4.3CVSS6.2AI score
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/02/16 2:12 a.m.3 views

Cross-site Scripting Vulnerability in Hitachi Command Suite Products

Overview The online help of Hitachi Command Suite Products contains a cross-site scripting vulnerability. Impact A remote attacker can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

4.3CVSS6.5AI score0.01148EPSS
Exploits0References4
Check Point Advisories
Check Point Advisories
added 2014/10/14 12:0 a.m.0 views

SolarWinds Storage Manager AuthenticationFilter Authentication Bypass

An authentication bypass vulnerability exists in SolarWinds Storage Manager. The vulnerability is due to a flaw within the AuthenticationFilter class. A remote unauthenticated attacker could exploit this vulnerability by bypassing the authentication filter and uploading malicious scripts to the...

2.4AI score
Exploits0
Huawei
Huawei
added 2014/10/11 12:0 a.m.21 views

Security Advisory-XSS Security Vulnerability on Huawei E355

Huawei E355 portable 3G wireless routers have the stored cross-site scripting XSS vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate users. Vulnerability ID: HWPSIRT-2014-0516 The CVE No. of the...

4.3CVSS5AI score0.00798EPSS
Exploits0Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2014/08/27 12:0 a.m.41 views

SolarWinds Storage Manager AuthenticationFilter Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthenticationFilter class. The issue lies in the ability to subvert th...

10CVSS1.9AI score
Exploits0References1
Huawei
Huawei
added 2014/08/06 12:0 a.m.23 views

Security Advisory-CSRF Vulnerability in Huawei HiLink Products

Several Huawei HiLink products have the CSRF Vulnerability. When users use these devices to visit websites that contain malicious scripts, the malicious scripts can exploit the vulnerability to change the configurations or use the functions of products. Vulnerability ID: HWPSIRT-2014-0243 This...

6.8CVSS6AI score0.00922EPSS
Exploits4Affected Software4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

Inktomi Traffic Server 4.0/5.x Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7596/info Inktomi Traffic Server is prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of input passed to the proxy, which will be echoed back in error pages under some circumstances. ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

PHPay 2.2 Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7310/info It has been reported that user-supplied input to phPay is not sufficiently sanitized. This lack of sanitization provides an opportunity for an attacker to launch cross-site scripting attacks. It is possible for ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

Winn Guestbook 2.4.8c - Stored XSS Vulnerability

No description provided by source. Exploit Title: Winn Guestbook v2.4.8c Stored XSS Date: 12/29/11 Author: G13 Software Link: http://code.google.com/p/winn-guestbook/, http://www.winn.ws Version: 2.4.8c Category: webapps php CVE: 2011-5026 Vulnerability There is no sanitation on the input of the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

ASPPlayground.NET 3.2 SR1 Remote Arbitrary File Upload Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14070/info ASPPlayground.NET is prone to a remote arbitrary file-upload vulnerability. Exploiting this issue may allow remote attackers to upload arbitrary files including malicious scripts and possibly execute the script...

7.1AI score
Exploits0
Rows per page
Query Builder