CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

127 matches found

OSV•added 2024/08/20 12:15 p.m.•2 views

CVE-2024-41697

Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS...

6.1CVSS5.8AI score

Exploits0References1

Positive Technologies•added 2024/08/20 12:0 a.m.•2 views

PT-2024-29518 · Priority · Priority

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns improper neutralization of script-related HTML tags in a web page, which is a basic cross-site scripting XSS problem. This can...

6.1CVSS5.9AI score0.00259EPSS

Exploits0References5

CNNVD•added 2024/06/13 12:0 a.m.•1 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.6AI score0.04817EPSS

Exploits0References3

OSV•added 2024/06/04 10:15 a.m.•1 views

CVE-2023-46310

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in gVectors Team wpDiscuz allows Code Injection.This issue affects wpDiscuz: from n/a through 7.6.10...

6.1CVSS5.8AI score0.00237EPSS

Exploits0References1

Positive Technologies•added 2024/05/17 12:0 a.m.•3 views

PT-2024-19924 · Unknown · Formidable Forms

Name of the Vulnerable Software and Affected Versions: Formidable Forms versions through 6.7 Description: The issue is related to an Improper Neutralization of Script-Related HTML Tags in a Web Page, also known as Basic XSS, allowing Code Injection in Formidable Forms. Recommendations: For versio...

6.1CVSS7.2AI score0.00307EPSS

Exploits0References5

Vulnrichment•added 2024/01/03 7:16 p.m.•13 views

CVE-2023-5880 Cross-site Scripting (XSS) injected into Aladdin Connect garage door opener (Retrofit-Kit) configuration setup webserver console via broadcast SSID name

When the Genie Company Aladdin Connect garage door opener Retrofit-Kit Model ALDCM is placed into configuration mode the web servers “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side Java Script and/or HTML. This allo...

5.8AI score0.00688EPSS

Exploits0References1

CNVD•added 2023/11/30 12:0 a.m.•19 views

Apache NiFi cross-site scripting vulnerability (CNVD-2023-9665850)

Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation and system intermediary logic. Apache NiFi suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and...

7.9CVSS5.9AI score0.00293EPSS

Exploits0References1

Packet Storm•added 2023/08/29 12:0 a.m.•242 views

HumbertoCaldas CMS 0.1.3 Cross Site Scripting

==================================================================================================================================== | Title : HumbertoCaldas Cms v0.1.3 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 64.0.2 32-bit | |...

7.1AI score

Exploits0

Cvelist•added 2023/04/11 12:0 a.m.•9 views

CVE-2023-23277

Snippet-box 1.0.0 is vulnerable to Cross Site Scripting XSS. Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field...

6.3AI score0.00222EPSS

Exploits1References3

OSV•added 2022/05/17 4:32 a.m.•15 views

GHSA-3G6W-4M7X-97V6 Plone Cross-site scripting Vulnerability

Cross-site scripting XSS vulnerability in pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "u,translate."...

6.1CVSS5.5AI score0.00285EPSS

Exploits0References7

OSV•added 2022/05/17 12:22 a.m.•3 views

GHSA-X4X9-4C65-73W8 Concrete5 Vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting XSS vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.3CVSS5.8AI score0.00493EPSS

Exploits0References5

UbuntuCve•added 2021/10/01 4:15 p.m.•14 views

CVE-2021-40972

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter...

6.1CVSS6.4AI score0.01286EPSS

Exploits1References3

OSV•added 2020/12/18 8:15 a.m.•0 views

UBUNTU-CVE-2020-35478

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink. This affects MediaWiki 1.33.0 and later...

6.1CVSS7.1AI score0.00446EPSS

Exploits1References5

CNVD•added 2020/12/02 12:0 a.m.•15 views

ThinkAdmin Cross-Site Scripting Vulnerability

ThinkAdmin is a backend administration framework developed based on the latest ThinkPHP V6 , using the MIT protocol open source. thinkAdmin v1, v6 exists a stored cross-site scripting vulnerability. A remote attacker can use the vulnerability to inject arbitrary Web script or HTML...

5.4CVSS0.8AI score0.00201EPSS

Exploits1References1

CVE•added 2020/02/06 9:30 a.m.•47 views

CVE-2020-5528

CVE-2020-5528 is a cross-site scripting vulnerability in Movable Type series (including Movable Type 7, 6.5, and related editions) that allows remote attackers to inject arbitrary web script or HTML into the block editor and Rich Text Editor via a specially crafted URL. The vulnerability affects ...

6.1CVSS6AI score0.00429EPSS

Exploits0References2Affected Software1

Cvelist•added 2019/07/23 4:3 p.m.•14 views

CVE-2018-18670

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Extra Contents" parameter, aka the adm/configformupdate.php cf110 parameter...

6AI score0.00363EPSS

Exploits0References3

CNVD•added 2019/03/15 12:0 a.m.•3 views

KinagaCMS Cross-Site Scripting Vulnerability

KinagaCMS is a PHP-based content management system CMS. A cross-site scripting vulnerability exists in KinagaCMS versions prior to 6.5. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6.1AI score0.00329EPSS

Exploits0References1

CNVD•added 2018/09/04 12:0 a.m.•1 views

Mayan EDMS Cross-Site Scripting Vulnerability

Mayan EDMS is a document management system developed by software developer Roberto Rosario. The system supports electronic signatures, version control, optical character recognition, etc. Tags app is one of the tag management applications. A cross-site scripting vulnerability exists in the Tags a...

6.1CVSS5.9AI score0.0029EPSS

Exploits1References1

CNVD•added 2018/02/26 12:0 a.m.•3 views

Fortinet FortiGate FortiDB Cross-Site Scripting Vulnerability

Fortinet FortiGate FortiDB is a scalable database security solution developed by the United States Fita Fortinet. A cross-site scripting vulnerability exists in the Java number format exception handling in Fortinet FortiGate FortiDB versions prior to 4.4.2. A remote attacker can exploit this...

6.1CVSS6.6AI score0.0023EPSS

Exploits1References1

CNVD•added 2018/01/11 12:0 a.m.•1 views

Microsemi Symmetricom s350i Cross-Site Scripting Vulnerability

Microsemi Symmetricom s350i is a clock server from Microsemi Corporation. A cross-site scripting vulnerability exists in Microsemi Symmetricom s350i version 2.70.15. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6.2AI score0.00222EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by