CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4584 matches found

CNNVD•added 2021/03/15 12:0 a.m.•5 views

Tecnoteca openMAINT 跨站脚本漏洞

Tecnoteca openMAINT is an application from the Italian company Tecnoteca. It is based on the CMDBuild software, from which it inherits basic functionality and configuration mechanisms. A security vulnerability exists in openMAINT 2.1-3.3-b, which can be exploited by remote attackers to inject...

6.1CVSS6.5AI score0.03029EPSS

Exploits2References3

CNVD•added 2021/03/12 12:0 a.m.•4 views

Batflat Cross-Site Scripting Vulnerability (CNVD-2021-18015)

Batflat is a simple, lightweight content management system CMS. A cross-site scripting vulnerability exists in Galleries in Batflat 1.3.6. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via field names...

5.4CVSS6AI score0.00601EPSS

Exploits1References1

OSV•added 2021/03/11 5:15 p.m.•1 views

CVE-2021-27679

Cross-site scripting XSS vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name...

5.4CVSS6.2AI score0.00601EPSS

Exploits1References1

OSV•added 2021/03/05 11:2 a.m.•3 views

OESA-2021-1068 python-lxml security update

The lxml XML toolkit is a Pythonic binding for the C libraries libxml2 and libxslt. It is unique in that it combines the speed and XML feature completeness of these libraries with the simplicity of a native Python API, mostly compatible but superior to the well-known ElementTree API. The latest...

6.1CVSS6.6AI score0.03934EPSS

Exploits1References2

OSV•added 2021/03/05 10:15 a.m.•1 views

CVE-2021-20663

Cross-site scripting vulnerability in in Role authority setting screen of Movable Type 7 r.4705 and earlier Movable Type 7 Series, Movable Type Advanced 7 r.4705 and earlier Movable Type Advanced 7 Series, Movable Type 6.7.5 and earlier Movable Type 6.7 Series, Movable Type Premium 1.39 and...

6.1CVSS6.5AI score0.0081EPSS

Exploits0References2

OSV•added 2021/03/05 10:15 a.m.•1 views

CVE-2021-20664

Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier Movable Type 7 Series, Movable Type Advanced 7 r.4705 and earlier Movable Type Advanced 7 Series, Movable Type 6.7.5 and earlier Movable Type 6.7 Series, Movable Type Premium 1.39 and earlier,...

6.1CVSS6.5AI score0.0081EPSS

Exploits0References2

OSV•added 2021/03/02 5:15 p.m.•3 views

CVE-2020-23518

Cross Site Scripting XSS vulnerability in UltimateKode Neo Billing - Accounting, Invoicing And CRM Software up to version 3.5 which allows remote attackers to inject arbitrary web script or HTML...

5.4CVSS6.2AI score0.02001EPSS

Exploits2References1

OSV•added 2021/01/28 11:15 a.m.•1 views

CVE-2021-20620

Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors...

6.1CVSS6.9AI score0.01044EPSS

Exploits0References3

OSV•added 2021/01/28 11:15 a.m.•3 views

CVE-2021-20622

Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors...

6.1CVSS6.9AI score0.01044EPSS

Exploits0References3

CNNVD•added 2021/01/26 12:0 a.m.•5 views

Egavilan Media Bakeshop Online Ordering System Cross-Site Scripting Vulnerability

Egavilan Media Bakeshop Online Ordering System is a Javascript-based code repository from Egavilan Media that supports interaction with git repositories. A cross-site scripting vulnerability exists in Bakeshop Online Ordering System that could allow a remote attacker to inject arbitrary web scrip...

4.8CVSS5.9AI score0.00709EPSS

Exploits1References2

CNVD•added 2021/01/25 12:0 a.m.•6 views

WESEEK GROWI cross-site scripting vulnerability (CNVD-2021-16351)

WESEEK GROWI is a suite of team collaboration software from Weseek Japan. A cross-site scripting vulnerability exists in WESEEK GROWI, which can be exploited by a remote attacker to inject arbitrary script via an unspecified vector...

6.1CVSS6.2AI score0.01044EPSS

Exploits0References1

CNNVD•added 2021/01/19 12:0 a.m.•4 views

Rocketgenius Gravity Forms Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via imported GF forms...

4.8CVSS5.8AI score0.00616EPSS

Exploits0References2

CNVD•added 2021/01/09 12:0 a.m.•2 views

CuteSoft Cute Editor Cross-Site Scripting Vulnerability

CuteSoft Cute Editor is a U.S. CuteSoft company can be used to edit PHP and ASP HTML editor. A cross-site scripting vulnerability exists in Cute Editor for ASP.NET version 6.4, which allows remote attackers to execute scripts in the victim's web browser using specially crafted URLs...

6.1CVSS6.3AI score0.02932EPSS

Exploits1References1

OSV•added 2021/01/08 7:15 p.m.•1 views

DEBIAN-CVE-2020-16030

Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

6.1CVSS7.7AI score0.00652EPSS

Exploits0References1

OSV•added 2020/12/26 2:15 a.m.•2 views

CVE-2020-27515

A Cross Site Scripting XSS vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field...

6.1CVSS6.5AI score0.01309EPSS

Exploits1References3

CNVD•added 2020/12/25 12:0 a.m.•3 views

TerraMaster TOS Cross-Site Scripting Vulnerability (CNVD-2020-75161)

TerraMaster TOS is a Linux-based operating system developed for TerraMaster Cloud Storage NAS servers. A cross-site scripting vulnerability exists in TerraMaster TOS 4.2.06 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the mod...

5.4CVSS6AI score0.00664EPSS

Exploits1References1

CNVD•added 2020/12/21 12:0 a.m.•3 views

Xinuos Openserver Cross-Site Scripting Vulnerability

Xinuos Openserver is a FreeBSD-based operating system from the American company Xinuos. Xinuo suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client data in the application parameter section. A remote attacker can exploit this vulnerability by...

6.1CVSS6AI score0.08142EPSS

Exploits3References1

CNNVD•added 2020/12/16 12:0 a.m.•4 views

DELL Dell EMC iDRAC9 Cross-Site Scripting Vulnerability

DELL Dell EMC iDRAC9 is a system management solution comprising hardware and software from Dell USA. The solution provides remote management, crash system recovery and power control for Dell PowerEdge systems. A cross-site scripting vulnerability exists in the Dell EMC iDRAC9 version 4.32.10.00 a...

6.1CVSS6.2AI score0.00991EPSS

Exploits0References2

OSV•added 2020/12/15 9:15 p.m.•3 views

CVE-2020-35416

Multiple cross-site scripting XSS vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage with different request parameters, allows remote attackers to inject arbitrary web script or HTML...

6.1CVSS6.4AI score0.02678EPSS

Exploits4References3

OSV•added 2020/12/03 12:15 p.m.•1 views

CVE-2020-5638

Cross-site scripting vulnerability in desknet's NEO desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier allows remote attackers to inject arbitrary script via unspecified vectors...

6.1CVSS6.2AI score0.00772EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by