Lucene search

7649 matches found

Cvelist
added 2019/08/07 4:38 p.m., 30 views

CVE-2019-14748

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer or no mitigations implemented for file content checks; also, the output is not handled...

5.7 AI score, 0.02733 EPSS
Exploits 5, References 5
CVE
added 2019/08/07 4:38 p.m., 84 views

CVE-2019-14748

CVE-2019-14748 affects osTicket versions prior to 1.10.7 and 1.12.x prior to 1.12.1. The ticket creation form allows file uploads without sufficient content validation and improper output handling, causing persistent XSS (e.g., uploading a .html file) that can lead to cookie theft or malicious ac...

5.4 CVSS, 5.5 AI score, 0.02733 EPSS
Exploits 5, References 5, Affected Software 1
0day.today
added 2019/08/06 12:00 a.m., 50 views

1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications. 1CRM On-Premise Software 8.5.7 Stored XSS. Exploit Title: 1CRM On-Premise Software 8.5.7 - Cross-Site Scripting Date: 19/07/2019 Exploit Author: Kusol...

3.5 CVSS, 0.01709 EPSS
Exploits 5
OSV
added 2019/08/01 10:15 p.m., 3 views

CVE-2019-5401

A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an XSS injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure the...

4.8 CVSS, 5.8 AI score, 0.0054 EPSS
Exploits 0, References 1
Exploit DB
added 2019/08/01 12:00 a.m., 134 views

Ultimate Loan Manager 2.0 - Cross-Site Scripting

Exploit Title: Web Studio Ultimate Loan Manager V2.0 - Persistent Cross Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: http://www.webstudio.co.zw/ Software Link: https://codecanyon.net/item/ultimate-loan-manager/19891884 Version: V2.0 Category: Webapps Software...

6.1 CVSS, 6.5 AI score, 0.00978 EPSS
Exploits 5
NVD
added 2019/07/31 6:15 p.m., 21 views

CVE-2019-3958

Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks via a crafted sales transaction...

5.4 CVSS, 5.1 AI score, 0.00855 EPSS
Exploits 1, References 1
OSV
added 2019/07/31 6:15 p.m., 15 views

CVE-2019-3958

Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks via a crafted sales transaction...

5.4 CVSS, 5.5 AI score
Exploits 0, References 1
Cvelist
added 2019/07/31 5:26 p.m., 24 views

CVE-2019-3958

Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks via a crafted sales transaction...

5.1 AI score, 0.00855 EPSS
Exploits 1, References 1
NVD
added 2019/07/30 3:15 p.m., 16 views

CVE-2018-20864

cPanel before 76.0.8 allows a persistent Virtual FTP account after removal of its associated domain (SEC-454)...

6.5 CVSS, 6.5 AI score, 0.00772 EPSS
Exploits 0, References 1
Packet Storm
added 2019/07/29 12:00 a.m., 185 views

GigToDo 1.3 Cross Site Scripting

Exploit Title: GigToDo - Freelance Marketplace Script v1.3 Persistent XSS Injection Google Dork: - Date: 2019/07/28 Author: m0ze Vendor Homepage: https://www.gigtodoscript.com Software Link: https://codecanyon.net/item/gigtodo-freelance-marketplace-script/23855397 Version: = 1.3 Tested on:...

7.4 AI score
Exploits 0
0day.today
added 2019/07/29 12:00 a.m., 25 views

GigToDo 1.3 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: GigToDo - Freelance Marketplace Script v1.3 Persistent XSS Injection Author: m0ze Vendor Homepage: https://www.gigtodoscript.com Software Link: https://codecanyon.net/item/gigtodo-freelance-marketplace-script/23855397 Version: =...

7.1 AI score
Exploits 0
exploitpack
added 2019/07/29 12:00 a.m., 27 views

GigToDo 1.3 - Cross-Site Scripting

GigToDo 1.3 - Cross-Site Scripting Exploit Title: GigToDo - Freelance Marketplace Script v1.3 Persistent XSS Injection Google Dork: - Date: 2019/07/28 Author: m0ze Vendor Homepage: https://www.gigtodoscript.com Software Link: https://codecanyon.net/item/gigtodo-freelance-marketplace-script/238553...

6.8 AI score
Exploits 0
FreeBSD
added 2019/07/29 12:00 a.m., 55 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: GitHub Integration SSRF; Trigger Token Impersonation; Build Status Disclosure; SSRF Mitigation Bypass; Information Disclosure New Issue ID; IDOR Label Name Enumeration; Persistent XSS Wiki Pages; User Revocation Bypass with Mattermost Integration; Arbitrary File Upload via Import Project...

3.6 AI score
Exploits 0, References 1
Hacker One
added 2019/07/28 10:22 a.m., 30 views

Nextcloud: Persistent XSS via filename in projects

CVSS: Medium 5.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. Description: Affected: Talk / Spreed 6.0.3. The name of a file is echoed without encoding when moving the mouse onto it in the projects tab of a conversation, leading to persistent XSS. A successful attack requires an...

3.5 CVSS, 1.6 AI score, 0.0084 EPSS
Exploits 0
The Hacker News
added 2019/07/23 1:57 p.m., 1 views

Learn Ethical Hacking From Scratch — 2019 Training Bundle

The world of cybersecurity is fast-paced and ever-changing. New attacks are unleashed every day, and companies around the world lose millions of dollars as a result. The only thing standing in the way of cybercrime is a small army of ethical hackers. These cybersecurity experts are employed to fi...

7.1 AI score
Exploits 0
Tenable Nessus
added 2019/07/22 12:00 a.m., 28 views

Juniper Junos Space < 17.2R2 Persistent XSS Vulnerability (JSA10881)

According to its self-reported version number, the version of Junos Space running on the remote device is prior to 17.2R2, and is therefore affected by a persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director. A remote authenticated attacker can exploit tha...

8 CVSS, 6.4 AI score, 0.00862 EPSS
Exploits 0, References 2
Packet Storm
added 2019/07/18 12:00 a.m., 115 views

WordPress OneSignal 1.17.5 Cross Site Scripting

history.pushState'', 'SHPA', '/' input type="hidden" name="wphttpreferer" valu...

7.4 AI score
Exploits 0
exploitpack
added 2019/07/18 12:00 a.m., 39 views

WordPress Plugin OneSignal 1.17.5 - subdomain Persistent Cross-Site Scripting

WordPress Plugin OneSignal 1.17.5 - subdomain Persistent Cross-Site Scripting Exploit Title: WordPress Plugin OneSignal 1.17.5 - Persistent Cross-Site Scripting Date: 2019-07-18 Vendor Homepage: https://www.onesignal.com Software Link:...

6.7 AI score
Exploits 0
Exploit DB
added 2019/07/18 12:00 a.m., 423 views

WordPress Plugin OneSignal 1.17.5 - 'subdomain' Persistent Cross-Site Scripting

Exploit Title: WordPress Plugin OneSignal 1.17.5 - Persistent Cross-Site Scripting Date: 2019-07-18 Vendor Homepage: https://www.onesignal.com Software Link: https://wordpress.org/plugins/onesignal-free-web-push-notifications/ Affected version: 1.17.5 Exploit Author: LiquidWorm Tested on: Linux...

7.4 AI score
Exploits 0
0day.today
added 2019/07/18 12:00 a.m., 37 views

WordPress OneSignal 1.17.5 Plugin (subdomain) Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Plugin OneSignal 1.17.5 - Persistent Cross-Site Scripting Date: 2019-07-18 Vendor Homepage: https://www.onesignal.com Software Link: https://wordpress.org/plugins/onesignal-free-web-push-notifications/ Affected version...

7.1 AI score
Exploits 0