CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

348 matches found

Prion•added 2017/09/18 4:29 a.m.•17 views

Cross site scripting

Cross Site Scripting XSS exists in NexusPHP 1.5.beta5.20120707 via the PATHINFO to location.php, related to PHPSELF...

4.3CVSS6AI score0.0024EPSS

Exploits1References1Affected Software1

NVD•added 2017/09/18 4:29 a.m.•8 views

CVE-2017-14534

Cross Site Scripting XSS exists in NexusPHP 1.5.beta5.20120707 via the PATHINFO to location.php, related to PHPSELF...

6.1CVSS6AI score0.0024EPSS

Exploits1References1

Cvelist•added 2017/09/18 4:0 a.m.•13 views

CVE-2017-14534

Cross Site Scripting XSS exists in NexusPHP 1.5.beta5.20120707 via the PATHINFO to location.php, related to PHPSELF...

6AI score0.0024EPSS

Exploits1References1

CVE•added 2017/09/18 4:0 a.m.•48 views

CVE-2017-14534

NVD and multiple public feeds confirm CVE-2017-14534 affects NexusPHP 1.5.beta5.20120707. The vulnerability is a Cross Site Scripting (XSS) flaw exploitable via PATH_INFO to location.php, related to PHP_SELF. Impact is limited to partial integrity impact with no confidentiality/availability effec...

6.1CVSS5.9AI score0.0024EPSS

Exploits1References1Affected Software1

Prion•added 2017/08/31 6:29 p.m.•14 views

Cross site scripting

Cross Site Scripting XSS exists in NexusPHP 1.5.beta5.20120707 via the PATHINFO to ipsearch.php, related to PHPSELF...

4.3CVSS6AI score0.0024EPSS

Exploits0References1Affected Software1

NVD•added 2017/08/31 6:29 p.m.•15 views

CVE-2017-14070

Cross Site Scripting XSS exists in NexusPHP 1.5.beta5.20120707 via the PATHINFO to ipsearch.php, related to PHPSELF...

6.1CVSS6AI score0.0024EPSS

Exploits0References1

CVE•added 2017/08/31 6:0 p.m.•45 views

CVE-2017-14070

The CVE-2017-14070 entry describes a Cross Site Scripting (XSS) vulnerability in NexusPHP 1.5.beta5.20120707. The issue arises via PATH_INFO to ipsearch.php and is related to PHP_SELF. Multiple sources (NVD, Red Hat, CNVD, CNVD-derived entries) confirm the affected software and the vulnerability ...

6.1CVSS5.9AI score0.0024EPSS

Exploits0References1Affected Software1

Cvelist•added 2017/08/31 6:0 p.m.•17 views

CVE-2017-14070

Cross Site Scripting XSS exists in NexusPHP 1.5.beta5.20120707 via the PATHINFO to ipsearch.php, related to PHPSELF...

6AI score0.0024EPSS

Exploits0References1

NVD•added 2017/08/18 6:29 p.m.•10 views

CVE-2017-12948

Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATHINFO to wp-admin/admin.php, related to PHPSELF...

6.1CVSS6.1AI score0.0021EPSS

Exploits1References1

Prion•added 2017/08/18 6:29 p.m.•9 views

Design/Logic Flaw

Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATHINFO to wp-admin/admin.php, related to PHPSELF...

4.3CVSS6AI score0.0021EPSS

Exploits1References1Affected Software1

Cvelist•added 2017/08/18 6:0 p.m.•11 views

CVE-2017-12948

Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATHINFO to wp-admin/admin.php, related to PHPSELF...

6.1AI score0.0021EPSS

Exploits1References1

UbuntuCve•added 2017/07/17 1:18 p.m.•23 views

CVE-2017-1000016

A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18...

7.5CVSS7.2AI score0.00488EPSS

Exploits0References2

OSV•added 2017/06/06 4:29 p.m.•8 views

CVE-2017-9451

Cross site scripting XSS vulnerability in pages.editform.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATHINFO in an acp.php URL, due to use of unsanitized $SERVER'PHPSELF' to generate URLs...

6.1CVSS5.9AI score

Exploits0References2

CVE•added 2017/06/06 4:0 p.m.•40 views

CVE-2017-9451

CVE-2017-9451 corresponds to a cross-site scripting (XSS) vulnerability in flatCore 1.4.6, affecting pages.edit_form.php. The issue arises from using unsanitized $_SERVER['PHP_SELF'] to generate URLs, allowing remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL. Th...

6.1CVSS6AI score0.00217EPSS

Exploits0References2Affected Software1

NVD•added 2017/04/18 5:59 p.m.•13 views

CVE-2017-7897

A cross-site scripting XSS vulnerability in the MantisBT 2.3.x before 2.3.2 Timeline include page, used in My View myviewpage.php and User Information viewuserpage.php pages, allows remote attackers to inject arbitrary code if CSP settings permit it through crafted PATHINFO in a URL, due to use o...

6.1CVSS6AI score0.00251EPSS

Exploits1References4

Prion•added 2017/04/18 5:59 p.m.•11 views

Cross site scripting

4.3CVSS6.1AI score0.00251EPSS

Exploits1References4Affected Software1

Cvelist•added 2017/04/18 5:0 p.m.•21 views

CVE-2017-7897

6AI score0.00251EPSS

Exploits1References4

UbuntuCve•added 2016/07/03 1:59 a.m.•34 views

CVE-2016-5702

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHPSELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...

4.3CVSS6.8AI score0.00248EPSS

Exploits0References2

seebug.org•added 2016/03/31 12:0 a.m.•17 views

WordPress Altos Connect Widget 1.3.0 XSS 漏洞

文件：/wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php 上代码 " id="refreshimg" title="Click to refresh image"" width="132" height="46" alt="Captcha image" / Enter the characters as seen on the image above case insensitive: 第三行中...

7AI score

Exploits0

securityvulns•added 2015/07/14 12:0 a.m.•51 views

phpLiteAdmin v1.1 CSRF & XSS Vulnerabilities

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPLITEADMIN0705.txt Vendor: ================================ bitbucket.org/phpliteadmin Product: ================================ phpLiteAdmin v1.1 Advisory Information:...

7.3AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by