CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4577 matches found

CNVD•added 2017/11/01 12:0 a.m.•4 views

WordPress user-login-history plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers. user-login-history plugin is one of the user login tracking plugin. A cross-site scripting vulnerability exists in...

6.1CVSS5.8AI score0.0027EPSS

Exploits2References1

CNVD•added 2017/10/30 12:0 a.m.•3 views

Fortinet FortiOS Cross-Site Scripting Vulnerability (CNVD-2017-36080)

Fortinet FortiOS is a set of security operating system developed by the U.S. Fiat Fortinet company dedicated to FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering and anti-spam and other security features. A cross-site...

6.1CVSS6.7AI score0.00349EPSS

Exploits0References1

CNVD•added 2017/10/27 12:0 a.m.•1 views

Redmine cross-site scripting vulnerability (CNVD-2017-31961)

Redmine is a set of open source Web-based project management and defect tracking tools . The tool provides project management , issue tracking and role-based access control and other features . A cross-site scripting vulnerability exists in the Textile and Markdown text formatting and project hom...

6.1CVSS5.9AI score0.00353EPSS

Exploits0References1

OSV•added 2017/10/26 8:29 p.m.•1 views

DEBIAN-CVE-2012-4377

Cross-site scripting XSS vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image...

6.1CVSS6AI score0.00998EPSS

Exploits0References1

OSV•added 2017/10/26 8:29 p.m.•3 views

CVE-2012-4378

Multiple cross-site scripting XSS vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php...

6.1CVSS6.1AI score

Exploits0References16

OSV•added 2017/10/26 8:29 p.m.•0 views

UBUNTU-CVE-2012-4377

Cross-site scripting XSS vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image...

6.1CVSS7AI score0.00998EPSS

Exploits0References3

CNVD•added 2017/10/24 12:0 a.m.•2 views

phpMyFaq admin/tags.main.php file cross-site scripting vulnerability

phpMyFAQ is phpMyFAQ team developed a set of open source fully database-driven FAQ question and answer system . The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A cross-site scripting vulnerability exists in th...

6.1CVSS6.1AI score0.00223EPSS

Exploits0References1

CNVD•added 2017/10/23 12:0 a.m.•1 views

TP-LINK TL-MR3220 Cross-Site Scripting Vulnerability

TP-LINK TL-MR3220 wireless routers is a wireless router product from China P&L TP-LINK. A cross-site scripting vulnerability exists in the Wireless MAC Filtering page in the TP-LINK TL-MR3220 wireless router. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS5.8AI score0.00536EPSS

Exploits4References1

CNVD•added 2017/10/20 12:0 a.m.•1 views

Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability (CNVD-2017-32118)

Cisco WebEx Meeting Center is a set of WebEx meeting solutions in the United States Cisco Cisco company's network of online meeting products. The product invites others to join the meeting via e-mail or instant messaging IM, and supports online product demonstrations, information sharing, and mor...

6.1CVSS5.8AI score0.00232EPSS

Exploits0References1

CNVD•added 2017/10/20 12:0 a.m.•3 views

SAP Customer Relationship Management Java administration console cross-site scripting vulnerability

SAP Customer Relationship Management CRM is a set of customer relationship management solutions from SAP. The program includes sales management , marketing management , customer service systems and other modules . Java administration console is one of the Java administration console . A cross-sit...

6.1CVSS6.3AI score0.00326EPSS

Exploits0References1

CNVD•added 2017/10/20 12:0 a.m.•1 views

Foreman Cross-Site Scripting Vulnerability (CNVD-2017-34618)

Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. A cross-site scripting vulnerability exists in the search auto-completion feature in Foreman versions...

5.4CVSS5.7AI score0.0026EPSS

Exploits1References1

CNVD•added 2017/10/18 12:0 a.m.•3 views

WordPress uDesign Theme Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports the PHP and MySQL servers to set up a personal blog site. uDesign aka U-Design is one of the theme plug-ins. A cross-site scripting vulnerability exists in WordPress...

6.1CVSS5.8AI score0.00335EPSS

Exploits1References1

CNVD•added 2017/10/18 12:0 a.m.•1 views

ATutor cross-site scripting vulnerability (CNVD-2017-32279)

ATutor is an open source Web-based learning content management system LCMS developed by the ATutor team. The system includes teaching content management, forums, chat rooms and other modules. A cross-site scripting vulnerability exists in versions prior to Atutor 2.2.3, which stems from the progr...

5.4CVSS5.5AI score0.00206EPSS

Exploits1References1

CNVD•added 2017/10/17 12:0 a.m.•4 views

Issuetracker phpBugTracker cross-site scripting vulnerability (CNVD-2017-30874)

Issuetracker phpBugTracker is a web-based defect tracking system. The system provides features such as project management and defect tracking services. A cross-site scripting vulnerability exists in Issuetracker phpBugTracker versions prior to 1.7.0. A remote attacker can exploit this vulnerabili...

4.8CVSS4.9AI score0.00278EPSS

Exploits0References1

CNVD•added 2017/10/12 12:0 a.m.•2 views

MISP cross-site scripting vulnerability (CNVD-2017-30341)

MISP is a suite of open source software solutions for collecting, storing, distributing and sharing cybersecurity metrics and threats cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in quickDelete in versions of MISP prior to 2.4.81. A remote attacke...

6.1CVSS6AI score0.00266EPSS

Exploits0References1

CNVD•added 2017/10/11 12:0 a.m.•1 views

HP ArcSight Enterprise Security Manager Cross-Site Scripting Vulnerability (CNVD-2017-30915)

HP ArcSight ESM Enterprise Security Manager and ESM Express are both enterprise security management software with event correlation and security analysis capabilities from Hewlett Packard Enterprise HPE. The software collects, correlates and reports on enterprise-wide security events in real time...

6.1CVSS6.7AI score0.00362EPSS

Exploits0References1

ATTACKERKB•added 2017/10/03 1:29 a.m.•1 views

CVE-2015-7980

Cross-site scripting XSS vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable."...

6.1CVSS5.8AI score0.00696EPSS

Exploits0References6

CNVD•added 2017/09/27 12:0 a.m.•2 views

Ipython Cross-Site Scripting Vulnerability

IPython is an enhanced version of Python's native interactive shell developed by the IPython team. A cross-site scripting vulnerability exists in version 3.x of Ipython prior to 3.2. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6.2AI score0.00522EPSS

Exploits0References1

CNVD•added 2017/09/26 12:0 a.m.•1 views

Cross-site scripting vulnerability in WebKit component of multiple Apple products (CNVD-2017-34457)

Apple iOS and others are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems. iCloud for Windows is a cloud service based on the Windows platform. WebKit is...

6.1CVSS5.6AI score0.00723EPSS

Exploits1References1

CNVD•added 2017/09/25 12:0 a.m.•2 views

Telaxus EPESI cross-site scripting vulnerability (CNVD-2017-32705)

Telaxus EPESI is a Polish company Telaxus open source customer relationship management system based on PHP/Ajax framework CRM. The system provides schedule management , multi-user address book , proxy matters and other functions . A cross-site scripting vulnerability exists in the 'Tasks...

5.4CVSS5.2AI score0.00358EPSS

Exploits5References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by