CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4584 matches found

OSV•added 2016/05/07 10:59 a.m.•1 views

CVE-2016-0901

Cross-site scripting XSS vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900...

6.1CVSS5.9AI score0.01624EPSS

Exploits0References3

CNVD•added 2016/05/06 12:0 a.m.•2 views

Secure Item Hub Persistent Input Validation Vulnerability

Secure Item Hub app is able to transfer files between iphone or ipad and computer on the same wifi network. A persistent input validation vulnerability exists in Secure Item Hub, which could allow a remote attacker to inject malicious persistent script code on the application side of the mobile a...

7.1AI score

Exploits0References1

OSV•added 2016/04/22 6:59 p.m.•3 views

CVE-2016-3126

Cross-site scripting XSS vulnerability in the Management Console in BlackBerry Enterprise Server BES 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

6.1CVSS5.9AI score0.01018EPSS

Exploits0References2

OSV•added 2016/04/22 6:59 p.m.•2 views

CVE-2016-1918

6.1CVSS5.9AI score0.01018EPSS

Exploits0References2

OSV•added 2016/04/18 10:59 a.m.•3 views

CVE-2016-1652

Cross-site scripting XSS vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS...

6.1CVSS7AI score0.01064EPSS

Exploits0References10

CNVD•added 2016/04/15 12:0 a.m.•1 views

SilverStripe CMS & Framework Cross-Site Scripting Vulnerability

SilverStripe CMS & Framework is New Zealand SilverStripe company's set of open source programming framework and content management system CMS. A cross-site scripting vulnerability exists in SilverStripe CMS & Framework versions prior to 3.1.16 and 3.2.x prior to 3.2.1, which can be exploited by...

6.1CVSS6.2AI score0.01535EPSS

Exploits0References1

OSV•added 2016/04/14 2:59 p.m.•2 views

CVE-2016-4016

Cross-site scripting XSS vulnerability in SAP Manufacturing Integration and Intelligence aka MII, formerly xMII 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xappsxmiiuiadminnavigation/NavigationApplication, aka SAP Securi...

6.1CVSS5.9AI score0.01452EPSS

Exploits2References4

CNVD•added 2016/04/14 12:0 a.m.•3 views

Microsoft Edge Elevation of Privilege Vulnerability

Microsoft Edge is the web browser built into the Windows 10 version. Microsoft Edge suffers from an elevation of privilege vulnerability in its implementation due to the program failing to properly validate JavaScript.A remote attacker could exploit this vulnerability to run scripts with elevated...

6.5CVSS6.9AI score0.6877EPSS

Exploits0References1

CNVD•added 2016/04/14 12:0 a.m.•3 views

IBM Financial Transaction Manager for Corporate Payment Services Cross-Site Scripting Vulnerability

IBM Financial Transaction Managerfor Corporate Payment Services is a financial transaction manager product that focuses on monitoring, tracking, and reporting financial payments and transactions. A cross-site scripting vulnerability in IBM FTM for Corporate Payment Services on multiple platforms...

5.4CVSS6.2AI score0.00657EPSS

Exploits0References1

OSV•added 2016/04/13 4:59 p.m.•2 views

UBUNTU-CVE-2015-8807

Cross-site scripting XSS vulnerability in the renderVarInputnumber function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors...

6.1CVSS5.9AI score0.02061EPSS

Exploits1References4

CNVD•added 2016/04/12 12:0 a.m.•3 views

LOCKON EC-CUBE Social-button Premium Plugin Cross-Site Scripting Vulnerability

LOCKON EC-CUBE is an open source e-commerce website building platform developed by Japan LOCKON Co. A cross-site scripting vulnerability exists in version 1.0 of the Social-button Premium plugin for LOCKON EC-CUBE 2.13.x. The vulnerability can be exploited to inject arbitrary Web script or HTML. ...

6.1CVSS6.2AI score0.01625EPSS

Exploits0References1

OSV•added 2016/04/08 3:59 p.m.•3 views

CVE-2016-1375

Cross-site scripting XSS vulnerability in Cisco IP Interoperability and Collaboration System 4.101 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339...

6.1CVSS5.9AI score0.00773EPSS

Exploits0References1

OSV•added 2016/04/07 9:59 p.m.•0 views

UBUNTU-CVE-2016-2511

Cross-site scripting XSS vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php...

6.1CVSS6.9AI score0.01711EPSS

Exploits4References3

CNVD•added 2016/04/07 12:0 a.m.•2 views

Menubook plugin cross-site scripting vulnerability

Menubook plugin for baserCMS is a menu list plugin for baserCMS. A cross-site scripting vulnerability in Menubook plugin for baserCMS before 0.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6AI score0.01009EPSS

Exploits0References1

CNVD•added 2016/04/01 12:0 a.m.•1 views

Huawei Agile Controller-Campus Cross-Site Scripting Vulnerability

Huawei Agile Controller-Campus is a multi-service converged, open and compatible controller product from Huawei, China. A cross-site scripting vulnerability exists in the portal authentication page of Huawei Agile Controller-Campus version V100R001C00SPC315, which can be exploited by a remote...

6.1CVSS6.3AI score0.00764EPSS

Exploits0References1

RedHat Linux•added 2016/03/22 4:49 p.m.•2 views

jenkins: API tokens of other users available to admins (SECURITY-200)

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user...

6.5CVSS7.4AI score0.01491EPSS

Exploits0References5

OSV•added 2016/03/03 3:59 p.m.•1 views

CVE-2016-1355

Cross-site scripting XSS vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687...

6.1CVSS5.9AI score0.00765EPSS

Exploits0References2

OSV•added 2016/03/03 3:59 p.m.•6 views

CVE-2016-1354

Cross-site scripting XSS vulnerability in Cisco Unified Communications Domain Manager UCDM 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176...

6.1CVSS5.9AI score0.00773EPSS

Exploits0References1

Vulnrichment•added 2016/03/02 11:0 a.m.•5 views

CVE-2016-2279

Cross-site scripting XSS vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.5AI score0.07531EPSS

Exploits5References3

OSV•added 2016/03/01 11:59 a.m.•12 views

CVE-2016-2560

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted Host HTTP header, related to libraries/Config.class.php; 2 crafted JSON data, relat...

6.1CVSS6.4AI score

Exploits0References11

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by