GitLab CE and EE Cross-Site Scripting Vulnerability (CNVD-2019-06641)
GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to GitHub for accessing the contents of a project's files, commit history, bug lists, and more. A cross-site scriptin...
idreamsoft iCMS cross-site scripting vulnerability (CNVD-2018-14096)
idreamsoft iCMS is an open source content management system (CMS) based on PHP and MySQL. A cross-site scripting vulnerability exists in versions of idreamsoft iCMS prior to 7.0.10. The vulnerability can be exploited by a remote attacker to inject arbitrary web script or HTML via the fourth and fif...
Code Execution Vulnerability in POSCMS v3.2.0 (Free Edition)
POSCMS (PhpOpenSourceCMS) is a PHP- and MySQL-based, open source, cross-platform web content management system (CMS). A code execution vulnerability exists in POSCMS v3.2.0 free version. The vulnerability is due to improper filtering of user input in the background; an attacker can exploit the...
Cisco Unified Presence Cross-Site Scripting Vulnerability (CNVD-2018-14097)
Cisco Unified Communications Manager (CUCM, Unified CM) is a call processing component of a unified communications system from Cisco. Cisco Unified Communications Manager IM and Presence Service is a CUCM-based instant messaging (IM) and status...
Cisco Webex Cross-Site Scripting Vulnerability (CNVD-2018-14204)
Cisco WebEx is a set of web conferencing tools from the US company Cisco that helps off-site office workers coordinate and collaborate. WebEx services include web conferencing, telepresence video conferencing and enterprise instant messaging (IM). A cross-site scripting...
Rocket.Chat Cross-Site Scripting Vulnerability
Rocket.Chat is an open source web chat server built in JavaScript using the Meteor full-stack framework. A cross-site scripting vulnerability exists in the registration form of Rocket.Chat versions prior to 0.66. A remote attacker can exploit this vulnerability to inject arbitrar...
Atlassian Fisheye and Crucible Cross-Site Scripting Vulnerabilities (CNVD-2018-13083)
Atlassian FishEye and Crucible are both products of the Australian company Atlassian. FishEye is a suite of software for deep viewing of source code repositories and Crucible is a suite of code review tools. A cross-site scripting vulnerability exists in the review attachment resource in Atlassia...
PHP Scripts Mall Auditor Website Cross-Site Scripting Vulnerability
PHP Scripts Mall Auditor Website is an accounting auditor website system script by PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall Auditor Website version 2.0.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with th...
Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability
Microsoft Active Directory Federation Services (ADFS) is an Active Directory federation service from Microsoft. The service provides web single sign-on (SSO) technology, which enables authentication of a user to multiple websites or applications during a single session. A cross-site scripting...
Malicious Software Packages Found On Arch Linux User Repository
Yet another incident which showcases that you should not explicitly trust user-controlled software repositories. One of the most popular Linux distros, Arch Linux, has pulled as many as three user-maintained software repository (AUR) packages after they were found hosting malicious code. Arch Linux is an...
Sencha Ext JS Cross-Site Scripting Vulnerability
Sencha Ext JS is a JavaScript-based application framework. The framework supports the use of Ajax, DHTML and DOM scripts to build interactive cross-platform web applications. A cross-site scripting vulnerability exists in the getTip method of Action Columns in Sencha Ext JS versions 4 through 6...
Grails Fields Plugin Cross-Site Scripting Vulnerability
Grails Fields plugin is a field property definition plugin. A cross-site scripting vulnerability exists in the use of display tags in Grails Fields plugin version 2.2.7. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
CVE-2018-7475
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or HTML...
Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2018-12400)
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A cross-site scripting vulnerability exists in Mozilla Firefox versions prior to 59, where the program fails to properly validate user-submitted input. The vulnerability can be exploited by a...
CVE-2018-0565
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
MyBB Recent Threads plugin cross-site scripting vulnerability
MyBB (aka MyBulletinBoard) is a free, web-based forum software developed by the MyBB team using PHP and MySQL. Recent Threads is a plugin for displaying recent and unread messages. A cross-site scripting vulnerability exists in versions of the MyBB Recent Threads plugin prior...
phpMyAdmin cross-site scripting vulnerability (CNVD-2018-11976)
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A cross-site scripting vulnerability exists in the...
Open Monograph Press Cross-Site Scripting Vulnerability
Public Knowledge Project (PKP) Open Monograph Press (OMP) is an open source software platform for scholarly publishing. The platform is used to manage and edit workflows to produce and distribute scholarly publications through internal and external review and editing. A cross-site scripting...
CA Privileged Access Manager Cross-Site Scripting Vulnerability
CA Privileged Access Manager is a privileged access manager from CA (USA) that centralizes privileged user policies across multiple physical and virtual environments and manages and controls access to IT resources. A cross-site scripting vulnerability exists in version 2.x of CA Privileged...
CVE-2018-9027
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link...