CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4577 matches found

CNVD•added 2016/04/14 12:0 a.m.•2 views

IBM Financial Transaction Manager for Corporate Payment Services Cross-Site Scripting Vulnerability

IBM Financial Transaction Managerfor Corporate Payment Services is a financial transaction manager product that focuses on monitoring, tracking, and reporting financial payments and transactions. A cross-site scripting vulnerability in IBM FTM for Corporate Payment Services on multiple platforms...

5.4CVSS6.2AI score0.00129EPSS

Exploits0References1

CNVD•added 2016/04/14 12:0 a.m.•2 views

Microsoft Edge Elevation of Privilege Vulnerability

Microsoft Edge is the web browser built into the Windows 10 version. Microsoft Edge suffers from an elevation of privilege vulnerability in its implementation due to the program failing to properly validate JavaScript.A remote attacker could exploit this vulnerability to run scripts with elevated...

6.5CVSS6.9AI score0.23862EPSS

Exploits0References1

OSV•added 2016/04/13 4:59 p.m.•2 views

UBUNTU-CVE-2015-8807

Cross-site scripting XSS vulnerability in the renderVarInputnumber function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors...

6.1CVSS5.9AI score0.00676EPSS

Exploits1References4

CNVD•added 2016/04/12 12:0 a.m.•1 views

LOCKON EC-CUBE Social-button Premium Plugin Cross-Site Scripting Vulnerability

LOCKON EC-CUBE is an open source e-commerce website building platform developed by Japan LOCKON Co. A cross-site scripting vulnerability exists in version 1.0 of the Social-button Premium plugin for LOCKON EC-CUBE 2.13.x. The vulnerability can be exploited to inject arbitrary Web script or HTML. ...

6.1CVSS6.2AI score0.00314EPSS

Exploits0References1

OSV•added 2016/04/08 3:59 p.m.•2 views

CVE-2016-1375

Cross-site scripting XSS vulnerability in Cisco IP Interoperability and Collaboration System 4.101 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339...

6.1CVSS5.9AI score

Exploits0References1

OSV•added 2016/04/07 9:59 p.m.•0 views

UBUNTU-CVE-2016-2511

Cross-site scripting XSS vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php...

6.1CVSS6.9AI score0.00544EPSS

Exploits4References3

CNVD•added 2016/04/07 12:0 a.m.•2 views

Menubook plugin cross-site scripting vulnerability

Menubook plugin for baserCMS is a menu list plugin for baserCMS. A cross-site scripting vulnerability in Menubook plugin for baserCMS before 0.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6AI score0.00322EPSS

Exploits0References1

CNVD•added 2016/04/01 12:0 a.m.•1 views

Huawei Agile Controller-Campus Cross-Site Scripting Vulnerability

Huawei Agile Controller-Campus is a multi-service converged, open and compatible controller product from Huawei, China. A cross-site scripting vulnerability exists in the portal authentication page of Huawei Agile Controller-Campus version V100R001C00SPC315, which can be exploited by a remote...

6.1CVSS6.3AI score0.00114EPSS

Exploits0References1

RedHat Linux•added 2016/03/22 4:49 p.m.•0 views

jenkins: API tokens of other users available to admins (SECURITY-200)

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user...

6.5CVSS7.4AI score0.00165EPSS

Exploits0References5

OSV•added 2016/03/03 3:59 p.m.•1 views

CVE-2016-1355

Cross-site scripting XSS vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687...

6.1CVSS5.9AI score

Exploits0References2

OSV•added 2016/03/03 3:59 p.m.•3 views

CVE-2016-1354

Cross-site scripting XSS vulnerability in Cisco Unified Communications Domain Manager UCDM 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176...

6.1CVSS5.9AI score0.0025EPSS

Exploits0References1

Vulnrichment•added 2016/03/02 11:0 a.m.•3 views

CVE-2016-2279

Cross-site scripting XSS vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.5AI score0.00546EPSS

Exploits5References3

OSV•added 2016/03/01 11:59 a.m.•10 views

CVE-2016-2560

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted Host HTTP header, related to libraries/Config.class.php; 2 crafted JSON data, relat...

6.1CVSS6.4AI score

Exploits0References11

OSV•added 2016/02/29 11:59 a.m.•1 views

CVE-2016-0244

Cross-site scripting XSS vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a differe...

6.1CVSS5.9AI score0.00193EPSS

Exploits0References2

ATTACKERKB•added 2016/02/29 11:59 a.m.•1 views

CVE-2016-0244

6.1CVSS6.7AI score0.00256EPSS

Exploits0References3

CNVD•added 2016/02/23 12:0 a.m.•2 views

Sophos UTM Nessus Web UI Cross-Site Scripting Vulnerability

Sophos UTM is a unified threat management appliance. which provides gateway security and endpoint security. The appliance provides gateway security protection and endpoint security protection.Nessus Web UI is one of the components used to access the Nessus Vulnerability Scanner based on a web...

6.1CVSS5.9AI score0.01002EPSS

Exploits2References1

CNVD•added 2016/02/23 12:0 a.m.•1 views

Cybozu Office Cross-Site Scripting Vulnerability (CNVD-2016-01249)

Cybozu Office is a WEB-based cross-platform office solution developed by Cybozu Japan. A cross-site scripting vulnerability in Cybozu Office versions 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6AI score0.00515EPSS

Exploits0References1

CNVD•added 2016/02/23 12:0 a.m.•2 views

Cybozu Office Cross-Site Scripting Vulnerability (CNVD-2016-01247)

6.1CVSS6AI score0.00515EPSS

Exploits0References1

CNVD•added 2016/02/18 12:0 a.m.•2 views

SAP NetWeaver Cross-Site Scripting Vulnerability (CNVD-2016-01150)

SAP NetWeaver is SAP SAP company's set of service-oriented integrated application platform. A cross-site scripting vulnerability exists in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver version 7.4. A remote attacker can exploit this vulnerability to inject arbitrary web script or HT...

6.1CVSS6.1AI score0.00226EPSS

Exploits1References1

OSV•added 2016/02/17 2:59 a.m.•1 views

CVE-2016-1150

Cross-site scripting XSS vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149...

6.1CVSS5.9AI score0.00515EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by