CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6722 matches found

OSV•added 2024/08/30 7:15 a.m.•3 views

CVE-2024-42412

Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser...

6.1CVSS5.9AI score

Exploits0References2

OSV•added 2024/08/30 7:15 a.m.•3 views

CVE-2024-34577

Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser...

6.1CVSS5.8AI score0.00237EPSS

Exploits0References2

OSV•added 2024/08/29 6:15 p.m.•2 views

CVE-2024-44716

A cross-site scripting XSS vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS5.9AI score0.0027EPSS

Exploits0References2

CNVD•added 2024/08/29 12:0 a.m.•7 views

Kashipara Hotel Management System Cross-Site Scripting Vulnerability

Kashipara Hotel Management System is a hotel management system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Hotel Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the useremail parameter of...

4.7CVSS6.3AI score0.00485EPSS

Exploits1References1

NVD•added 2024/08/28 12:15 p.m.•24 views

CVE-2024-6449

HyperView Geoportal Toolkit in versions lower than 8.5.0 does not restrict cross-domain requests when fetching remote content pointed by one of GET request parameters. An unauthenticated remote attacker can prepare links, which upon opening will load scripts from a remote location controlled by t...

6.5CVSS0.0035EPSS

Exploits0References2

Vulnrichment•added 2024/08/28 11:49 a.m.•15 views

CVE-2024-6449 Arbitrary cross-domain file inclusion in HyperView Geoportal Toolkit

5.3CVSS6.9AI score0.0035EPSS

Exploits0References2

Cvelist•added 2024/08/28 11:49 a.m.•27 views

CVE-2024-6449 Arbitrary cross-domain file inclusion in HyperView Geoportal Toolkit

5.3CVSS0.0035EPSS

Exploits0References2

CNVD•added 2024/08/28 12:0 a.m.•4 views

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2024-37810)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.1AI score0.00296EPSS

Exploits0References1

CNVD•added 2024/08/28 12:0 a.m.•7 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-37807)

4.8CVSS6.1AI score0.00296EPSS

Exploits0References1

CNVD•added 2024/08/28 12:0 a.m.•7 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-37806)

5.4CVSS6.1AI score0.00296EPSS

Exploits0References1

BDU FSTEC•added 2024/08/27 12:0 a.m.•2 views

The vulnerability of the Calltouch analytics service lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary scripts.

The vulnerability of the Calltouch analytics service is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary scripts remotely...

7.8CVSS5.8AI score

Exploits0Affected Software1

OSV•added 2024/08/26 8:15 p.m.•1 views

CVE-2024-44793

A cross-site scripting XSS vulnerability in the component /managers/multiplefreeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the torrents parameter...

6.1CVSS5.9AI score0.00335EPSS

Exploits1References3

OSV•added 2024/08/26 3:15 p.m.•9 views

CVE-2024-38859

XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 EOL allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by...

6.1CVSS6.2AI score

Exploits0References1

CVE•added 2024/08/26 2:15 p.m.•61 views

CVE-2024-38859

CVE-2024-38859 is a cross-site scripting (XSS) vulnerability in Checkmk. It affects view pages with the SLA column when using Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47, or 2.0.0 (EOL). The root cause is injection of HTML elements into the SLA column title, enabling execution of scrip...

6.1CVSS6.2AI score0.00419EPSS

Exploits0References1Affected Software1

RedHat Linux•added 2024/08/26 8:9 a.m.•4 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...

9.8CVSS7.1AI score0.41611EPSS

Exploits0References5

RedHat Linux•added 2024/08/26 7:39 a.m.•1 views

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...

9.8CVSS7.1AI score0.41611EPSS

Exploits0References5

CNVD•added 2024/08/23 12:0 a.m.•10 views

YznCMS Cross-Site Scripting Vulnerability (CNVD-2024-38192)

YznCMS is a backend development framework. A cross-site scripting vulnerability exists in YznCMS version 1.4.2, which stems from the lack of effective filtering and escaping of user-supplied data in the component /index/index.html, and can be exploited by an attacker to execute arbitrary Web scri...

5.4CVSS6.5AI score0.00308EPSS

Exploits1References1