CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4577 matches found

Japan Vulnerability Notes•added 2015/12/17 7:18 a.m.•1 views

Multiple Cross-site Scripting Vulnerabilities in EUR

Overview Multiple cross-site scripting vulnerabilities were found in EUR. Impact Remote users can exploit these vulnerabilities to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

3.5CVSS6.5AI score

Exploits0References2

OSV•added 2015/12/14 12:0 a.m.•2 views

UBUNTU-CVE-2015-6790

The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as...

4.3CVSS7.4AI score0.0094EPSS

Exploits0References4

BDU FSTEC•added 2015/12/14 12:0 a.m.•3 views

The vulnerability relates to the EMC Documentum Administrator, a tool for managing electronic document systems; the EMC Documentum Digital Asset Management, a tool for managing multimedia materials within electronic document systems; the EMC Documentum TaskSpace, a tool for accessing the repository of electronic document systems; and the EMC Documentum Web Publisher, a system for managing web projects. The vulnerability also affects the web interface that provides access to the EMC Documentum Webtop repository. This vulnerability allows an attacker to inject arbitrary web scripts or HTML code.

The vulnerability of the EMC Documentum Administrator, a tool for managing electronic document systems, and the EMC Documentum Digital Asset Management tool for managing multimedia materials within electronic document systems, as well as the tools for accessing the EMC Documentum TaskSpace...

3.5CVSS5.6AI score0.00159EPSS

Exploits0References2

Prion•added 2015/12/13 3:59 a.m.•14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Cisco Emergency Responder 10.51a allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547...

4.3CVSS6.1AI score0.00263EPSS

Exploits0References2Affected Software1

RedHat Linux•added 2015/12/07 8:46 p.m.•0 views

jsoup: XSS vulnerability related to incomplete tags at EOF

It was found that jsoup did not properly validate user-supplied HTML content; certain HTML snippets could get past the validator without being detected as unsafe. A remote attacker could use a specially crafted HTML snippet to execute arbitrary web script in the user's browser...

6.1CVSS7.6AI score0.02044EPSS

Exploits0References4

CNVD•added 2015/11/24 12:0 a.m.•4 views

Newphoria applican framework cross-site scripting vulnerability

Newphoria applican framework for Android and iOS is a set of application development framework based on Android and iOS platforms from Newphoria, Japan. A cross-site scripting vulnerability exists in the runtime engine of Newphoria applican framework 1.12.6 and earlier for Android and Newphoria...

4.3CVSS5.8AI score0.00322EPSS

Exploits0References1

CNVD•added 2015/11/24 12:0 a.m.•1 views

Newphoria applican framework cross-site scripting vulnerability (CNVD-2015-07764)

4.3CVSS5.8AI score0.00322EPSS

Exploits0References1

CNVD•added 2015/11/24 12:0 a.m.•2 views

JosephErnest Void Cross-Site Scripting Vulnerability

JosephErnest Void is a content management system CMS. A cross-site scripting vulnerability exists in the index.php script in versions of JosephErnest Void prior to 2015-10-02. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of a specially...

4.3CVSS5.9AI score0.00322EPSS

Exploits0References1

ATTACKERKB•added 2015/11/17 3:59 p.m.•4 views

CVE-2015-7997

Multiple cross-site scripting XSS vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM SVM devices allow...

4.3CVSS5.6AI score0.00293EPSS

Exploits0References3

CNVD•added 2015/11/13 12:0 a.m.•2 views

Multiple Cross-Site Scripting Vulnerabilities in HP ArcSight Management Center

HP ArcSight Management Center is a security management center from Hewlett-Packard HP in the U.S. HP ArcSight Logger is a log management software tool. Multiple cross-site scripting vulnerabilities exist in HP ArcSight Management Center versions prior to 2.1, and ArcSight Logger versions prior to...

4.3CVSS6AI score0.00674EPSS

Exploits0References1

CNVD•added 2015/11/13 12:0 a.m.•2 views

Microsoft .NET Framework Cross-Site Scripting Vulnerability

Microsoft .NET Framework is a popular software development toolkit. A cross-site scripting vulnerability exists in Microsoft .NET Framework versions 4, 4.5, 4.5.1, 4.5.2,4.6, which allows remote attackers to insert arbitrary web scripts or HTML pages via a carefully constructed value...

4.3CVSS4.6AI score0.28553EPSS

Exploits1References1

CNVD•added 2015/11/13 12:0 a.m.•2 views

Microsoft Skype for Business Cross-Site Scripting Vulnerability

Microsoft Skype for Business is an enterprise-class communication tool from Microsoft Corporation that enhances support for intra-enterprise communications as well as content sharing and collaboration. Cross-site scripting vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1...

4.3CVSS6.3AI score0.14161EPSS

Exploits0References1

OSV•added 2015/11/09 11:59 a.m.•7 views

CVE-2015-5734

Cross-site scripting XSS vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string...

5.9AI score

Exploits0References12

CNVD•added 2015/11/07 12:0 a.m.•2 views

Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2015-07411)

Mozilla Firefox is an open source web browser. A cross-site scripting vulnerability exists in Mozilla Firefox for Android-based platforms that fails to properly restrict URL strings in Android intents, allowing remote attackers to exploit the vulnerability to inject malicious script or HTML code...

4.3CVSS8.5AI score0.00695EPSS

Exploits0References1

CNVD•added 2015/11/05 12:0 a.m.•1 views

Cisco Social Miner Cross-Site Scripting Vulnerability

Cisco Social Miner is the United States Cisco Cisco a set of customer service systems, providing user information collection, filtering, process processing, statistical reporting and other functions. A cross-site scripting vulnerability exists in Cisco Social Miner 10.0. It allows remote attacker...

4.3CVSS5.8AI score0.00263EPSS

Exploits0References1

CNVD•added 2015/11/05 12:0 a.m.•2 views

Multiple cross-site scripting vulnerabilities in Fortinet FortiManager (CNVD-2015-07354)

Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices and can group devices into different management domains ADOM to further simplify multi-device security deployment and managemen...

4.3CVSS6AI score0.01674EPSS

Exploits1References1

CNVD•added 2015/11/05 12:0 a.m.•2 views

Multiple Cross-Site Scripting Vulnerabilities in Fortinet FortiManager (CNVD-2015-07355)

4.3CVSS6AI score0.01674EPSS

Exploits1References1

CNVD•added 2015/11/04 12:0 a.m.•1 views

Cisco FireSight Management Center Cross-Site Scripting Vulnerability

Cisco FireSIGHT Management Center MC is the United States Cisco Cisco company's set of centralized on the Cisco ASA with FirePOWER Services and Cisco FirePOWER network security equipment management management center software. A cross-site scripting vulnerability exists in Cisco FireSight MC...

3.5CVSS6.3AI score0.00185EPSS

Exploits0References1

CNVD•added 2015/11/04 12:0 a.m.•1 views

Cisco ACS Solution Engine Cross-Site Scripting Vulnerability

Cisco Secure Access Control Server ACS is a security access control server from Cisco, Inc.Solution Engine is one of the server engine solutions. Cisco Secure Access Control Server ACS version 5.70.15, an XSS vulnerability exists in the web interface of Solution Engine. A remote attacker could...

4.3CVSS6.2AI score0.00263EPSS

Exploits0References1

OSV•added 2015/10/31 4:59 a.m.•8 views

CVE-2015-5667

Cross-site scripting XSS vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment...

5.4AI score

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by