CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4584 matches found

OSV•added 2017/08/17 8:29 p.m.•1 views

CVE-2017-6776

A vulnerability in the web framework of Cisco Elastic Services Controller ESC could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affecte...

6.1CVSS5.8AI score

Exploits0References2

CNVD•added 2017/08/17 12:0 a.m.•2 views

Cisco AnyConnect Secure Mobility Client Software Cross-Site Scripting Vulnerability

The Cisco AnyConnect Secure Mobility Client is Cisco's next-generation VPN client. Cisco AnyConnect Secure Mobility Client suffers from a cross-site scripting vulnerability in the WebLaunch feature, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code...

6.1CVSS6.2AI score0.0122EPSS

Exploits0References1

CNVD•added 2017/08/15 12:0 a.m.•2 views

Synology Video Station Cross-Site Scripting Vulnerability

Synology Video Station is a video manager from Synology.Video Metadata Editor is one of the video metadata editors. A cross-site scripting vulnerability exists in Video Metadata Editor in Synology Video Station versions prior to 2.3.0-1435. A remote attacker can exploit the vulnerability to injec...

5.4CVSS5.2AI score0.00787EPSS

Exploits0References1

CNVD•added 2017/08/08 12:0 a.m.•2 views

Liferay Portal CE Cross-Site Scripting Vulnerability (NVD-C-2017-97626)

Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses EJB as well as JMS and other technologies , and can be used as a Web publishing and sharing workspaces , enterprise collaboration platforms , social networks and so on. A cross-site scripting vulnerability exists ...

6.1CVSS6.2AI score0.00748EPSS

Exploits3References1

CNVD•added 2017/08/04 12:0 a.m.•3 views

Pegasystem PEGA Platform Cross-Site Scripting Vulnerability

Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications for BPM Business Process Management, Case Management, Real Time Decision Making and CRM Customer Relationship Management. A cross-site scripting vulnerability...

6.1CVSS5.9AI score0.02904EPSS

Exploits4References1

Vulnrichment•added 2017/08/02 4:0 p.m.•2 views

CVE-2017-2285

Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1AI score0.01466EPSS

Exploits0References4

CNVD•added 2017/08/02 12:0 a.m.•2 views

MODX Revolution System Settings Module Cross-Site Scripting Vulnerability

MODX Revolution is the United States MODX company's set of PHP-based open source content management system CMS. The system supports online collaboration , search engine optimization SEO, add-ons , etc. System Settings module is one of the system settings module . A cross-site scripting...

6.1CVSS5.9AI score0.00602EPSS

Exploits0References1

CNVD•added 2017/08/02 12:0 a.m.•2 views

WordPress Etoile Ultimate Product Catalog Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress Etoile Ultimate Product Catalog is a product catalog editing and management component. Product Manually is a component for...

6.1CVSS6AI score0.00923EPSS

Exploits0References1

VulnCheck KEV•added 2017/08/01 12:0 a.m.•3 views

VulnCheck KEV: CVE-2017-20202

Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and fetched a remote script. The fetched script conditionally loaded follow-on modules that performed extensive ad substitution and malvertising, displayed fake “repair” alerts that redirected users to...

9.3CVSS5.9AI score0.00488EPSS

Exploits0References1

CNVD•added 2017/08/01 12:0 a.m.•2 views

Rocket.Chat Cross-Site Scripting Vulnerability

Rocket.Chat is an open source built in JavaScript using the Meteor fullstack framework developed by the Web chat server . A cross-site scripting vulnerability exists in the markdown link parsing code used for messages in Rocket.Chat. A remote attacker can exploit this vulnerability to inject...

6.1CVSS6.2AI score0.00726EPSS

Exploits0References1

CNVD•added 2017/08/01 12:0 a.m.•2 views

NetComm Wireless 4GT101W Router Cross-Site Scripting Vulnerability

NetComm Wireless 4GT101W routers is a wireless router product from NetComm Wireless Australia. A cross-site scripting vulnerability exists in NetComm Wireless 4GT101W routers running hardware version 0.01/software version V1.1.8.8/bootloader version 1.1.3. A remote attacker can exploit this...

5.4CVSS6.2AI score0.00513EPSS

Exploits1References1

OSV•added 2017/07/27 6:29 a.m.•5 views

CVE-2017-11677

Cross-site scripting XSS vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php...

6.1CVSS5.9AI score0.00943EPSS

Exploits1References2

CNVD•added 2017/07/25 12:0 a.m.•2 views

Green Packet DX-350 Cross-Site Scripting Vulnerability

The Green Packet DX-350 is a network access point device from Green Packet USA. A cross-site scripting vulnerability exists in the Green Packet DX-350 using firmware version 2.8.9.5-g1.4.8-atheeb. A remote attacker can exploit the vulnerability by sending the 'action' parameter to the ajax.cgi fi...

6.1CVSS6AI score0.00652EPSS

Exploits1References1

Prion•added 2017/07/24 1:29 a.m.•14 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment...

3.5CVSS5.4AI score0.01189EPSS

Exploits1References3Affected Software1

CNVD•added 2017/07/24 12:0 a.m.•1 views

Markdown Preview Plus extension cross-site scripting vulnerability

Markdown Preview Plus MPP extension for Chrome is a markdown a markup language preview plugin for Chrome. A cross-site scripting vulnerability exists in versions of the MPP extension for Chrome platform prior to 0.5.7. A remote attacker can exploit this vulnerability to inject arbitrary web scrip...

6.1CVSS5.8AI score0.00764EPSS

Exploits1References1

OSV•added 2017/07/22 12:29 a.m.•4 views

CVE-2017-2274

Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS5.9AI score0.0085EPSS

Exploits0References2

CNVD•added 2017/07/21 12:0 a.m.•4 views

Multiple Apple products WebKit cross-site scripting vulnerability (CNVD-2017-17204)

Apple iOS, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems; and tvOS is an operating system for smart TVs. webKit is an open source web...

6.1CVSS5.7AI score0.02913EPSS

Exploits0References1

CNVD•added 2017/07/20 12:0 a.m.•2 views

MetInfo cross-site scripting vulnerability (CNVD-2017-25435)

MetInfo is a Content Management System CMS developed using PHP and Mysql. A cross-site scripting vulnerability exists in MetInfo version 5.3.17. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via Client-IP or X-Forwarded-For HTTP packet headers...

6.1CVSS6AI score0.00802EPSS

Exploits1References1

CNVD•added 2017/07/20 12:0 a.m.•3 views

Sitecore Cross-Site Scripting Vulnerability

Sitecore is an online marketing content management system CMS from Sitecore, Denmark. The system supports content editing, multiple languages, multi-site deployment, digital asset management and more. A cross-site scripting vulnerability exists in Sitecore version 8.2, which stems from the...

5.4CVSS5.3AI score0.00604EPSS

Exploits1References1

CNVD•added 2017/07/19 12:0 a.m.•2 views

Biscom Secure File Transfer Cross-Site Scripting Vulnerability

Biscom Secure File Transfer SFT is a Web-based file transfer solution from Biscom USA. The solution has features such as file sharing, workspace creation and automatic file cleanup. A cross-site scripting vulnerability exists in the Package Name field in Biscom SFT. A remote attacker could exploi...

5.4CVSS5.3AI score0.00503EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by