CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4584 matches found

OSV•added 2021/07/07 2:15 p.m.•3 views

CVE-2020-24145

Cross Site Scripting XSS vulnerability in the CM Download Manager aka cm-download-manager plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action...

6.1CVSS6.5AI score0.00996EPSS

Exploits0References2

OSV•added 2021/06/22 2:15 a.m.•1 views

CVE-2021-20735

Cross-site scripting vulnerability in ETUNA EC-CUBE plugins Delivery slip number plugin 3.0 series 1.0.10 and earlier, Delivery slip number csv bulk registration plugin 3.0 series 1.0.8 and earlier, and Delivery slip number mail plugin 3.0 series 1.0.8 and earlier allows remote attackers to injec...

6.1CVSS6.5AI score0.01121EPSS

Exploits0References4

OSV•added 2021/06/22 2:15 a.m.•1 views

CVE-2021-20741

Cross-site scripting vulnerability in Hitachi Application Server Help Hitachi Application Server V10 Manual Windows version 10-11-01 and earlier and Hitachi Application Server V10 Manual UNIX version 10-11-01 and earlier allows a remote attacker to inject an arbitrary script via unspecified vecto...

6.1CVSS5.9AI score0.00754EPSS

Exploits0References2

OSV•added 2021/06/22 2:15 a.m.•2 views

CVE-2021-20743

Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin for EC-CUBE 3.0 series versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation...

6.1CVSS6.8AI score0.00754EPSS

Exploits0References2

OSV•added 2021/06/22 2:15 a.m.•3 views

CVE-2021-20742

Cross-site scripting vulnerability in EC-CUBE Business form output plugin for EC-CUBE 3.0 series versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector...

6.1CVSS6.8AI score0.00757EPSS

Exploits0References2

OSV•added 2021/06/22 2:15 a.m.•2 views

CVE-2021-20734

Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors...

6.1CVSS5.9AI score0.01044EPSS

Exploits1References2

BDU FSTEC•added 2021/06/09 12:0 a.m.•4 views

The vulnerability of the PayAction.class.php script of the software controller for the centralized control of wireless networks by D-Link Central WiFi Manager CWM(100) allows a hacker to inject any desired web script or HTML code.

The vulnerability of the PayAction.class.php script of the software controller for the centralized control of wireless networks by D-Link Central WiFi Manager CWM100 is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker t...

6.4CVSS6.5AI score0.02369EPSS

Exploits0References4Affected Software1

OSV•added 2021/05/24 4:15 a.m.•3 views

CVE-2021-20723

Reflected cross-site scripting vulnerability in MailForm01 free edition versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27 allows a remote attacker to inject an arbitrary script via unspecified vectors...

6.1CVSS5.8AI score0.00777EPSS

Exploits0References2

CNNVD•added 2021/05/20 12:0 a.m.•4 views

FusionPBX 跨站脚本漏洞

FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. A security vulnerability exists in FusionPBX 4.5.7, which allows remote malicious users to...

6.1CVSS5.8AI score0.00723EPSS

Exploits0References2

BDU FSTEC•added 2021/05/19 12:0 a.m.•6 views

The vulnerability of the programmatically defined Cisco SD-WAN API component allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of the programmable Cisco SD-WAN API component is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting XSS attacks remotely...

6.4CVSS5.6AI score0.00635EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2021/05/10 12:0 a.m.•3 views

PT-2021-19681 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle version 3.10.3 Description: The issue allows remote attackers to execute arbitrary web script or HTML via the Description field, which is a Cross Site Scripting XSS issue. Recommendations: For Moodle version 3.10.3, update to a newer...

7.5CVSS6.5AI score0.01157EPSS

Exploits1References27

CNNVD•added 2021/04/28 12:0 a.m.•6 views

safe FME Server 跨站脚本漏洞

safe FME Server is an application from safe Canada. A web data conversion application. A cross-site scripting vulnerability exists in safe FME Server that could allow a remote attacker to inject arbitrary web script or HTML code execution by modifying the username...

5.4CVSS6.2AI score0.01287EPSS

Exploits1References4

VulnCheck KEV•added 2021/04/12 12:0 a.m.•3 views

VulnCheck KEV: CVE-2013-7389

Multiple cross-site scripting XSS vulnerabilities in D-Link DIR-645 Router Rev. A1 with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the 1 deviceid parameter to parentalcontrols/bind.php, 2 RESULT parameter to info.php, or 3 receiver...

4.3CVSS5.8AI score0.27753EPSS

Exploits1References1

OSV•added 2021/04/09 6:15 p.m.•4 views

CVE-2020-23762

Cross Site Scripting XSS vulnerability in the Larsens Calender plugin Version = 1.2 for WordPress allows remote attackers to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab...

5.4CVSS6.1AI score0.00798EPSS

Exploits2References2

OSV•added 2021/04/07 8:15 a.m.•2 views

CVE-2021-20691

Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors...

6.1CVSS6.5AI score0.00756EPSS

Exploits0References1

OSV•added 2021/04/07 8:15 a.m.•1 views

CVE-2021-20689

Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors...

6.1CVSS5.9AI score0.00756EPSS

Exploits0References1

OSV•added 2021/04/07 8:15 a.m.•3 views

CVE-2021-20684

Cross-site scripting vulnerability in MagazinegerZ v.1.01 allows remote attackers to inject an arbitrary script via unspecified vectors...

6.1CVSS5.9AI score0.00756EPSS

Exploits0References1

OSV•added 2021/04/07 8:15 a.m.•1 views

CVE-2021-20686

Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors...

6.1CVSS5.9AI score0.00756EPSS

Exploits0References1

CNVD•added 2021/03/29 12:0 a.m.•8 views

BaserCMS JavaScript Input Improper Neutralization Vulnerability (CNVD-2021-23789)

BaserCMS is an open source enterprise-level content management system cms. A JavaScript Input Improper Neutralization vulnerability exists in the page editing feature in BaserCMS versions prior to 4.4.5. A remote authenticated attacker can exploit this vulnerability to inject arbitrary scripts...

5.4CVSS6.3AI score0.00731EPSS

Exploits0References1

OSV•added 2021/03/18 1:15 a.m.•3 views

CVE-2021-20628

Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox...

6.1CVSS6.2AI score0.0081EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by