CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4584 matches found

CNVD•added 2018/10/16 12:0 a.m.•3 views

Agentejo Cockpit Cross-Site Scripting Vulnerability

Agentejo Cockpit is a management system for managing structured content on websites. A cross-site scripting vulnerability exists in Agentejo Cockpit version 0.6.2. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6AI score0.00845EPSS

Exploits2References1

CNVD•added 2018/10/16 12:0 a.m.•3 views

nc-cms cross-site scripting vulnerability

nc-cms is a PHP-based embeddable lightweight CMS content management system. A cross-site scripting vulnerability exists in the index.php?action=edithtml&name=homecontent URI in nc-cms 2017-03-10 and earlier versions, which can be exploited by remote attackers to inject malicious JavaScript code...

4.8CVSS5AI score0.00621EPSS

Exploits0References1

OSV•added 2018/10/14 9:29 p.m.•3 views

CVE-2018-18291

A cross site scripting XSS vulnerability on ASUS RT-AC58U 3.0.0.4.3806516 devices allows remote attackers to inject arbitrary web script or HTML via AdvancedASUSDDNSContent.asp, AdvancedWSecurityContent.asp, AdvancedWirelessContent.asp, Logout.asp, MainLogin.asp, MobileQISLogin.asp, QISwizard.htm...

6.1CVSS5.5AI score0.0083EPSS

Exploits1References1

OSV•added 2018/10/10 9:29 p.m.•2 views

CVE-2018-18062

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML...

6.1CVSS5.9AI score0.00813EPSS

Exploits3References1

CNVD•added 2018/10/10 12:0 a.m.•3 views

Cross-Site Scripting Vulnerability in Multiple Cisco Products

Cisco Webex Events Center, etc. are video conferencing solutions from Cisco USA. A cross-site scripting vulnerability exists in the web-based management interface of several Cisco products, which can be exploited by remote attackers to execute arbitrary script code in the context of the affected...

6.1CVSS6.2AI score0.01373EPSS

Exploits0References1

CNVD•added 2018/09/26 12:0 a.m.•1 views

Multiple Apple products WebKit cross-site scripting vulnerability (CNVD-2018-21002)

Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser shipped with the Mac OS X and iOS operating systems. iTunes for Windows is a media player and application for the Windows platform. WebKit is one of the web browser engine components...

6.1CVSS6.8AI score0.01478EPSS

Exploits0References1

OSV•added 2018/09/22 2:29 a.m.•2 views

CVE-2018-17322

Cross-site scripting XSS vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter...

6.1CVSS5.9AI score0.00756EPSS

Exploits1References1

CNVD•added 2018/09/21 12:0 a.m.•3 views

Micro Focus ArcSight Management Center Cross-Site Scripting Vulnerability

Micro Focus ArcSight Management Center ArcMC is a security management center from Micro Focus UK that centrally manages ArcSight e.g. HP ArcSight Logger, etc. deployments through a unified interface. A cross-site scripting vulnerability exists in Micro Focus ArcMC versions prior to 2.81, which ca...

6.5CVSS6.1AI score0.01266EPSS

Exploits0References1

OSV•added 2018/09/17 9:58 p.m.•10 views

GHSA-77PC-Q5Q7-QG9H Moderate severity vulnerability that affects rails-html-sanitizer

Withdrawn, accidental duplicate publish. Cross-site scripting XSS vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node...

6.1CVSS6AI score0.02047EPSS

Exploits0References2

CNVD•added 2018/09/12 12:0 a.m.•1 views

SAP NetWeaver WebDynpro Java Cross-Site Scripting Vulnerability

SAP Enterprise Financial Services is a set of enterprise financial services solutions from SAP. A cross-site scripting vulnerability exists in SAP NetWeaver, which arises from a failure to properly sanitize user-supplied input and can be exploited by a remote attacker to execute arbitrary script...

6.1CVSS6.3AI score0.01016EPSS

Exploits0References1

OSV•added 2018/09/10 11:29 p.m.•2 views

CVE-2018-16805

In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator...

4.8CVSS5.7AI score0.0076EPSS

Exploits0References1

CNVD•added 2018/09/10 12:0 a.m.•2 views

Cisco Tetration Analytics Cross-Site Scripting Vulnerability

Cisco Tetration Analytics is a hybrid cloud workload protection solution. The product features trust whitelisting, software vulnerability detection and network performance monitoring. A cross-site scripting vulnerability exists in the web-based management interface in Cisco Tetration Analytics,...

6.1CVSS6.2AI score0.00918EPSS

Exploits0References1

CNVD•added 2018/09/04 12:0 a.m.•1 views

IdeaCMS Cross-Site Scripting Vulnerability

IdeaCMS is a PHP and MySQL based enterprise website building system. A cross-site scripting vulnerability exists in IdeaCMS 2016-04-30 and earlier versions, which can be exploited by remote attackers to inject arbitrary Web script or HTML by sending the 'kw' parameter to...

6.1CVSS5.9AI score0.00655EPSS

Exploits0References1

CNVD•added 2018/08/30 12:0 a.m.•1 views

CyBroHttpServer Cross-Site Scripting Vulnerability

Cybrotech CyBroHttpServer is a communication server for reading/writing CyBro variables by name from Cybrotech UK. A cross-site scripting vulnerability exists in Cybrotech CyBroHttpServer version 1.0.3. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via a...

6.1CVSS5.8AI score0.03986EPSS

Exploits5References1

OSV•added 2018/08/28 8:29 p.m.•0 views

UBUNTU-CVE-2017-15429

Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

6.1CVSS7.4AI score0.01142EPSS

Exploits0References3

OSV•added 2018/08/28 7:29 p.m.•3 views

CVE-2017-15430

Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

4.3CVSS7.4AI score0.00523EPSS

Exploits0References2

CNVD•added 2018/08/27 12:0 a.m.•2 views

Zyxel VMG3312-B10B cross-site scripting vulnerability (CNVD-2018-17658)

The Zyxel VMG3312 B10B is an Internet access gateway device from Hopkins ZyXEL Technology. A cross-site scripting vulnerability exists in the Zyxel VMG3312 B10B. A remote attacker can exploit this vulnerability by sending the 'hostname' parameter to the...

6.1CVSS6AI score0.00802EPSS

Exploits0References1

CNVD•added 2018/08/20 12:0 a.m.•2 views

tp5cms Cross-site Scripting Vulnerability

tp5cms is a content management system CMS framework written in the PHP language and based on technologies such as ThinkPHP, swiper and bootstrap. A cross-site scripting vulnerability exists in tp5cms 2017-05-25 and earlier versions. A remote attacker can exploit this vulnerability to inject...

6.1CVSS5.9AI score0.00675EPSS

Exploits1References1

CNVD•added 2018/08/14 12:0 a.m.•3 views

Cisco Small Business 300 Series (Sx300) Managed Switches Cross-Site Scripting Vulnerability

Cisco Small Business 300 Series Sx300 Managed Switches is a 300 series switch device from the American company Cisco Cisco. A cross-site scripting vulnerability exists in the web-based management interface of the Cisco Small Business 300 Series Sx300 Managed Switches, which stems from the interfa...

5.4CVSS5.5AI score0.00678EPSS

Exploits0References1

OSV•added 2018/08/10 4:29 p.m.•3 views

CVE-2018-14503

Cross-site scripting XSS vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter...

6.1CVSS5.9AI score0.00793EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by