6665 matches found
ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting Multiple SQL Injections
source: https://www.securityfocus.com/bid/48083/info ARSC Really Simple Chat is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize...
Nagios 3.2.3 - expand Cross-Site Scripting
source: https://www.securityfocus.com/bid/48087/info Nagios is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser...
Cross-site Scripting (XSS) Vulnerability in FanUpdate
High-Tech Bridge SA Security Research Lab has discovered vulnerability in FanUpdate which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in FanUpdate The vulnerability exists due to input sanitation error in the "pageTitle" parameter in...
Kentico CMS 5.5R2.23 - userContextMenu_Parameter Cross-Site Scripting
source: https://www.securityfocus.com/bid/48051/info Kentico CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...
S9Y Serendipity Freetag-plugin 3.21 - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/48054/info Serendipity Freetag-plugin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue t...
S9Y Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/48054/info Serendipity Freetag-plugin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting use...
Movable Type mt-comments.cgi static Parameter XSS
The version of Movable Type running on the remote host is affected by a cross-site scripting vulnerability because the application fails to properly sanitize input to the 'static' parameter of the 'mt-comments.cgi' script. An attacker may be able to leverage this to inject arbitrary HTML and scri...
SA-CORE-2011-001 - Drupal core - Multiple vulnerabilities
CVE: CVE-2011-2687 Multiple vulnerabilities and weaknesses were discovered in Drupal. Reflected cross site scripting vulnerability in error handler A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a...
Multiple Vulnerabilities in miniblog
High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in miniblog which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerabilities in miniblog 1.1 The vulnerability exists due to input sanitation error i...
BlackBoard Learn 8.0 - 'keywordraw' Cross-Site Scripting
source: https://www.securityfocus.com/bid/48009/info Blackboard Learn is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Kryn.cms 0.9 - _kurl Cross-Site Scripting
source: https://www.securityfocus.com/bid/47973/info Kryn.cms is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser...
Kryn.cms 0.9 - '_kurl' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47973/info Kryn.cms is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context o...
drupal6 -- multiple vulnerabilities
Drupal Team reports: A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a specially crafted URL can cause malicious scripts to be injected into the message. The issue can be mitigated by disabling on-screen...
phpScheduleIt 1.2.12 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/47951/info phpScheduleIt is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in t...
Gadu-Gadu Instant Messenger 6.0 - File Transfer Cross-Site Scripting
source: https://www.securityfocus.com/bid/47957/info Gadu-Gadu Instant Messenger is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user ...
Ajax Chat 1.0 - 'ajax-chat.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47953/info Ajax Chat is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context ...
phpScheduleIt 1.2.12 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/47951/info phpScheduleIt is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to...
LimeSurvey 1.85+ - 'admin.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47931/info LimeSurvey is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context...
Mailman < 2.1.14 Multiple XSS
According to its self-reported version number, the Mailman installation running on the remote host has multiple cross-site scripting vulnerabilities. These vulnerabilities can reportedly only be exploited by a list owner. A malicious list owner could exploit these issues to execute arbitrary scri...
Cisco Unified Operations Manager 8.5 - Common Services Device Center Cross-Site Scripting
source: https://www.securityfocus.com/bid/47903/info Cisco Unified Operations Manager is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacke...