CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4576 matches found

CNVD•added 2015/04/14 12:0 a.m.•4 views

Kemp Virtual LoadMaster /progs/geoctrl/doadd fqdn stored cross-site scripting vulnerability

Kemp Virtual LoadMaster is a virtual load balancer. Kemp Virtual LoadMaster /progs/geoctrl/doadd handles the fqdn parameter cross-site scripting vulnerability, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code that can be used to gain access to...

6.4AI score

Exploits0References1

OSV•added 2015/04/13 2:59 p.m.•2 views

DEBIAN-CVE-2015-2939

Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...

4.3CVSS5.8AI score0.00408EPSS

Exploits0References1

OSV•added 2015/04/13 2:59 p.m.•1 views

DEBIAN-CVE-2015-2934

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xmlparse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file...

4.3CVSS6.4AI score0.00281EPSS

Exploits0References1

OSV•added 2015/04/13 2:59 p.m.•1 views

DEBIAN-CVE-2015-2933

Cross-site scripting XSS vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant...

4.3CVSS5.8AI score0.00281EPSS

Exploits0References1

OSV•added 2015/04/13 2:59 p.m.•2 views

DEBIAN-CVE-2015-2932

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element...

4.3CVSS6.3AI score0.00281EPSS

Exploits0References1

OSV•added 2015/04/13 2:59 p.m.•5 views

CVE-2015-2931

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI...

6.2AI score

Exploits0References8

OSV•added 2015/04/13 2:59 p.m.•0 views

DEBIAN-CVE-2015-2931

4.3CVSS6.5AI score0.00281EPSS

Exploits1References1

OSV•added 2015/04/13 2:59 p.m.•0 views

UBUNTU-CVE-2015-2931

4.3CVSS5.9AI score0.00281EPSS

Exploits1References4

OSV•added 2015/04/13 2:59 p.m.•1 views

UBUNTU-CVE-2015-2939

4.3CVSS5.9AI score0.00408EPSS

Exploits0References4

CNVD•added 2015/03/24 12:0 a.m.•1 views

Multiple Cross-Site Scripting Vulnerabilities in IBM Business Process Manager

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in Proce...

3.5CVSS6AI score0.00175EPSS

Exploits0References1

CNVD•added 2015/03/24 12:0 a.m.•1 views

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2015-01946)

IBM Business Process Manager BPM is a comprehensive set of business process management platforms from IBM in the U.S. It provides a range of tools related to business process modeling, assembly, monitoring, and deployment.WebSphere Lombardi Edition WLE is the predecessor of the BPM product. A...

4.3CVSS6AI score0.0027EPSS

Exploits0References1

CNVD•added 2015/03/19 12:0 a.m.•3 views

IBM Rational DOORS Next Generation and Rational Requirements Composer Cross-Site Scripting Vulnerability

IBM Rational DOORS Next Generation and Rational Requirements Composer are both requirements management solutions from IBM USA. The solutions are primarily used to define, manage, and report on requirements throughout the project lifecycle. A cross-site scripting vulnerability exists in IBM Ration...

3.5CVSS6AI score0.00166EPSS

Exploits0References1

CNVD•added 2015/03/13 12:0 a.m.•1 views

EMC RSA Certificate Manager and RSA Registration Manager Cross-Site Scripting Vulnerability (CNVD-2015-01665)

EMC RSA Certificate Manager RCM and RSA Registration Manager RRM are both products of EMC Corporation, RCM is a digital certificate management system that provides automated implementation of encryption key and digital certificate management, and RRM is a certificate registration management syste...

3.5CVSS6AI score0.00096EPSS

Exploits0References1

CNVD•added 2015/03/12 12:0 a.m.•3 views

OpenKM Cross-Site Scripting Vulnerability

OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, document history and file sharing. A cross-site scripting vulnerability exists in OpenKM version 6.4.18 build 23338, which stems from a frontend/index.jsp script that fails to adequatel...

3.5CVSS6.2AI score0.00299EPSS

Exploits2References1

RedHat Linux•added 2015/03/05 9:50 a.m.•1 views

jquery-ui: XSS vulnerability in jQuery.ui.dialog title option

Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...

6.1CVSS7.5AI score0.05931EPSS

Exploits1References4

CNVD•added 2015/02/28 12:0 a.m.•1 views

Multiple Cross-Site Scripting Vulnerabilities in PNMsoft Sequence Kinetics

PNMsoft Sequence Kinetics is a next-generation business process management suite released by Israel-based PNMsoft that enables rapid establishment of high-availability workflow applications and close human collaboration on change while maintaining lifecycle governance. Multiple cross-site scripti...

4.3CVSS6.1AI score0.00263EPSS

Exploits0References1

Japan Vulnerability Notes•added 2015/02/27 6:56 a.m.•1 views

Cross-site Scripting Vulnerability in JP1/IT Desktop Management - Manager and Hitachi IT Operations Director

Overview A cross-site scripting vulnerability was found in the online help of JP1/IT Desktop Management - Manager and Hitachi IT Operations Director. Impact Remote users can exploit a cross-site scripting vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information...

4.3CVSS6.2AI score

Exploits0References2

ATTACKERKB•added 2015/02/26 3:59 p.m.•0 views

CVE-2015-2088

Cross-site scripting XSS vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

4.3CVSS5.7AI score0.00296EPSS

Exploits0References4

CNVD•added 2015/02/21 12:0 a.m.•3 views

McAfee Data Loss Prevention Endpoint Cross-Site Scripting Vulnerability

McAfee Data Loss Prevention Endpoint is an integrated endpoint data protection solution from McAfee. The solution prevents theft and accidental disclosure of confidential data and provides security policies for file handling and transfer, shared endpoint data flow control and data encryption. A...

3.5CVSS6AI score0.00185EPSS

Exploits0References1

CNVD•added 2015/02/21 12:0 a.m.•1 views

IBM Tivoli Endpoint Manager Web Reports Component Cross-Site Scripting Vulnerability

IBM Tivoli Endpoint Manager provides a unified, real-time visualization and implementation approach to deploying and managing patches to all endpoints. A cross-site scripting vulnerability in the Web Reports component of IBM Tivoli Endpoint Manager version 9.1.1229 prior to 9.1 can be exploited b...

4.3CVSS6.4AI score0.00236EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by