CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6664 matches found

Cvelist•added 2023/08/02 12:23 p.m.•15 views

CVE-2023-26449

The "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker...

5.4CVSS6AI score0.00188EPSS

Exploits0References4

Tenable Nessus•added 2023/07/25 12:0 a.m.•19 views

Cisco NX-OS Software NX-API Sandbox Cross-site Scripting (CVE-2019-1733)

A vulnerability in the NX API NX-API Sandbox interface for Cisco NX- OS Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the NX-API Sandbox interface of an affected device. The vulnerability is due to insufficient validation of...

5.4CVSS5.9AI score0.00311EPSS

Exploits0References3

Cvelist•added 2023/07/07 7:47 p.m.•14 views

CVE-2023-20133

A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability exists because of insufficient validation of user-supplied input in Webex Events class...

5.4CVSS5.5AI score0.00136EPSS

Exploits0References1

Tenable Nessus•added 2023/07/06 12:0 a.m.•16 views

Cisco Secure Email and Web Manager XSS (cisco-sa-esa-sma-wsa-xss-cP9DuEmq)

According to its self-reported version, Cisco Secure Email and Web Manager is affected by cross-site scripting vulnerabilities. The vulnerability is due to insufficient validation of user input. An attacker could exploit this by persuading a user of an affected interface to click a crafted link. ...

6.1CVSS5.8AI score0.00151EPSS

Exploits0References9

Tenable Nessus•added 2023/07/06 12:0 a.m.•28 views

Cisco Secure Web Appliance XSS (cisco-sa-esa-sma-wsa-xss-cP9DuEmq)

According to its self-reported version, Cisco Secure Web Appliance is affected by cross-site scripting vulnerabilities. The vulnerability is due to insufficient validation of user input. An attacker could exploit this by persuading a user of an affected interface to click a crafted link. A...

6.1CVSS5.7AI score0.00151EPSS

Exploits0References5

NVD•added 2023/07/05 3:15 p.m.•12 views

CVE-2023-35978

A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context...

6.1CVSS6.5AI score0.00172EPSS

Exploits0References1

Prion•added 2023/07/05 3:15 p.m.•14 views

Cross site scripting

A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in...

5.8CVSS5.9AI score0.00422EPSS

Exploits0References1Affected Software1

Prion•added 2023/07/05 3:15 p.m.•16 views

Cross site scripting

5.8CVSS6.1AI score0.00172EPSS

Exploits0References1Affected Software1

Cvelist•added 2023/07/05 2:49 p.m.•19 views

CVE-2023-35978 Reflected Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface

6.1CVSS7AI score0.00172EPSS

Exploits0References1

Cvelist•added 2023/07/05 2:43 p.m.•13 views

CVE-2023-35971 Unauthenticated Stored Cross-Site Scripting (XSS) in ArubaOS Web-based Management Interface

8.8CVSS8.1AI score0.00422EPSS

Exploits0References1

Prion•added 2023/06/28 3:15 p.m.•16 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the...

5.8CVSS6AI score0.00113EPSS

Exploits0References1Affected Software3

Tenable Nessus•added 2023/06/05 12:0 a.m.•13 views

Schweitzer Engineering Laboratories RTAC Cross-site Scripting (CVE-2023-31154)

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL...

5.4CVSS5.8AI score0.0027EPSS

Exploits0References3

Tenable Nessus•added 2023/06/05 12:0 a.m.•17 views

Schweitzer Engineering Laboratories RTAC Cross-site Scripting (CVE-2023-31157)

5.4CVSS5.8AI score0.0027EPSS

Exploits0References3

Tenable Nessus•added 2023/06/05 12:0 a.m.•13 views

Schweitzer Engineering Laboratories RTAC Cross-site Scripting (CVE-2023-31165)

5.4CVSS5.8AI score0.0027EPSS

Exploits0References3

NVD•added 2023/05/19 5:15 p.m.•9 views

CVE-2023-1996

A reflected Cross-site Scripting XSS vulnerability in Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code...

6.1CVSS6.1AI score0.00669EPSS

Exploits0References1

Prion•added 2023/05/19 5:15 p.m.•18 views

Cross site scripting

A reflected Cross-site Scripting XSS vulnerability in Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code...

5.8CVSS6.1AI score0.00669EPSS

Exploits0References1Affected Software1

NVD•added 2023/05/10 8:15 p.m.•8 views

CVE-2023-31160

5.4CVSS5.2AI score0.00197EPSS

Exploits0References2

NVD•added 2023/05/10 8:15 p.m.•11 views

CVE-2023-31164

5.4CVSS5.2AI score0.0027EPSS

Exploits0References2

NVD•added 2023/05/10 8:15 p.m.•12 views

CVE-2023-31158