CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4584 matches found

OSV•added 2015/08/03 2:59 p.m.•6 views

CVE-2015-3440

Cross-site scripting XSS vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type...

5.8AI score

Exploits0References16

CNVD•added 2015/07/22 12:0 a.m.•1 views

Cisco WebEx Meeting Cross-Site Scripting Vulnerability

Cisco WebEx Meetings are web conferencing solutions. Cisco WebEx Meeting Center suffers from a cross-site scripting vulnerability in its implementation, which can be exploited by remote attackers to inject arbitrary web script or HTML via unspecified values...

6AI score

Exploits0References1

RedHat Linux•added 2015/07/21 10:14 a.m.•3 views

jquery-ui: XSS vulnerability in jQuery.ui.dialog title option

Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...

6.1CVSS7.5AI score0.18351EPSS

Exploits1References4

CNVD•added 2015/07/13 12:0 a.m.•4 views

Cisco Hosted Collaboration Solution Cross-Site Scripting Vulnerability

Cisco Hosted Collaboration Solution HCS is a suite of hosted collaboration solutions from the U.S. company Cisco Cisco. The solution includes Cisco TelePresence, Customer Collaboration Contact Center and Unified Communications products to support customers in the public cloud, private cloud and...

4.3CVSS5.9AI score0.01546EPSS

Exploits0References1

CNVD•added 2015/07/12 12:0 a.m.•1 views

TYPO3 '404 Page not found handling' extension cross-site scripting vulnerability

TYPO3 is a free and open source content management system. 404 Page not found handling is a 404 Page not found handling extension plugin. A cross-site scripting vulnerability exists in the TYPO3 '404 Page not found handling' extension that allows remote attackers to exploit the vulnerability to...

5.8AI score

Exploits0References1

CNVD•added 2015/07/10 12:0 a.m.•2 views

Creative X-Cart Cross-Site Scripting Vulnerability

Creative X-Cart is a Russian company Creative open source PHP e-commerce software . The software provides favorites , order records and inventory management modules. A cross-site scripting vulnerability exists in Creative X-Cart 4.5.0 and earlier versions. A remote attacker can exploit this...

4.3CVSS5.9AI score0.01477EPSS

Exploits1References1

CNVD•added 2015/07/02 12:0 a.m.•1 views

ArcGIS Desktop/Engine/Server Cross-Site Scripting Vulnerability

The ArcGIS for Server software platform enables users to create, manage, and distribute GIS services over the Web and to support desktop software applications, mobile terminal applications, and Web mapping applications in the form of services. Multiple cross-site scripting vulnerabilities exist i...

6.3AI score

Exploits0References1

CNVD•added 2015/06/30 12:0 a.m.•4 views

Symantec Data Loss Prevention Enforce Server Cross-Site Scripting Vulnerability

Symantec Data Loss Prevention DLP is a data leakage protection solution from Symantec Symantec. The program provides data leakage protection management and reporting and other functions. A cross-site scripting vulnerability exists in the management console in Enforce Server in Symantec DLP versio...

4.3CVSS6.2AI score0.01984EPSS

Exploits0References1

CNVD•added 2015/06/30 12:0 a.m.•2 views

Siemens Climatix BACnet/IP Communication Module Cross-Site Scripting Vulnerability

The Siemens Climatix BACnet/IP communication module is a communication module for BACnet networks from Siemens, Germany. A cross-site scripting vulnerability exists in the integrated web server in the Siemens Climatix BACnet/IP communication module using firmware versions prior to 10.34. A remote...

4.3CVSS5.9AI score0.02544EPSS

Exploits1References1

OSV•added 2015/06/26 10:59 a.m.•3 views

CVE-2015-1159

Cross-site scripting XSS vulnerability in the cgiputs function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/...

5.3AI score

Exploits0References18

CNVD•added 2015/06/23 12:0 a.m.•1 views

Opsview Cross-Site Scripting Vulnerability

Opsview is a suite of enterprise-class network, server and application monitoring tools from Opsview UK. The tool can be integrated with monitoring systems such as Nagios Core and RRDTool. A cross-site scripting vulnerability exists in Opsview 4.6.2 and earlier versions. A remote attacker can...

4.3CVSS6AI score0.01565EPSS

Exploits4References1

CNVD•added 2015/06/18 12:0 a.m.•5 views

WordPress Genericons Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites on PHP and MySQL servers.Genericons is a set of free tools for creating blog icon fonts. A cross-site scripting vulnerability exists in the...

4.3CVSS5.8AI score0.03803EPSS

Exploits3References1

OSV•added 2015/06/17 6:59 p.m.•1 views

UBUNTU-CVE-2015-3429

Cross-site scripting XSS vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier...

4.3CVSS6.1AI score0.03803EPSS

Exploits3References4

CNVD•added 2015/06/17 12:0 a.m.•2 views

McAfee ePolicy Orchestrator Product Configuration Feature Cross-Site Scripting Vulnerability

McAfee ePolicy Orchestrator is an industry-leading systems security management solution that helps organizations effectively defend against a wide range of malicious threats and attacks. A cross-site scripting vulnerability exists in the Product Configuration feature of the McAfee ePolicy...

4.3CVSS6.2AI score0.01801EPSS

Exploits0References1

BDU FSTEC•added 2015/06/05 12:0 a.m.•4 views

The vulnerability of Google Chrome browser allows a perpetrator to inject commands into the executed script.

The core/html/parser/HTMLConstructionSite.cpp file of the Google Chrome browser contains errors related to inheritance. Exploiting this vulnerability allows a malicious actor to inject commands into the script executed by remotely controlling the system, using a specially crafted Java script...

7.5CVSS7.8AI score0.01638EPSS

Exploits0References4Affected Software1

CNVD•added 2015/06/04 12:0 a.m.•3 views

Unspecified Cross-Site Scripting Vulnerability in Zenphoto

Zenphoto is a free photo gallery content management system developed by the Zenphoto team. The system manages images and supports multimedia such as audio and video. A cross-site scripting vulnerability exists in the image processor of Zenphoto versions prior to 1.4.7. A remote attacker can explo...

6.1AI score

Exploits0References1

CNVD•added 2015/06/04 12:0 a.m.•3 views

Apache Sling API and Sling Servlets Cross-Site Scripting Vulnerabilities

Apache Sling API is the United States Apache Apache Software Foundation's set of frameworks for building Web applications. Apache Sling Servlets Post is one of the container. Apache Sling API and Sling Servlets have a cross-site scripting vulnerability. Allow remote attackers to exploit the...

4.3CVSS6.2AI score0.06297EPSS

Exploits1References1

CNVD•added 2015/06/01 12:0 a.m.•2 views

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2015-03501)

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM...

3.5CVSS6.2AI score0.0067EPSS

Exploits0References1

CNVD•added 2015/05/20 12:0 a.m.•5 views

WordPress plugin WP Photo Album stores cross-site scripting vulnerabilities

WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin WP Photo Album. Due to the lack of user-supplied filters for scripts passed to the...

4.3CVSS6.2AI score0.02424EPSS

Exploits3References1

CNVD•added 2015/05/20 12:0 a.m.•3 views

Moodle 'mod/quiz:grade' cross-site scripting vulnerability

Moodle is an open source web-based teaching and learning application. A cross-site scripting vulnerability exists in Moodle versions prior to 2.6.11, 2.7.8, 2.8.6, and 2.9 due to a failure of the Quiz manual-grading feature to be implemented correctly, which allows remote attackers to conduct a...

3.5CVSS6.2AI score0.01459EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by