CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

127 matches found

OSV•added 2015/04/13 2:59 p.m.•7 views

CVE-2015-2932

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element...

6.2AI score

Exploits0References8

NVD•added 2015/01/23 3:59 p.m.•11 views

CVE-2015-1176

Cross-site scripting XSS vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action...

4.3CVSS6AI score0.00305EPSS

Exploits2References5

NVD•added 2014/10/09 2:55 p.m.•8 views

CVE-2014-8077

Cross-site scripting XSS vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property...

3.5CVSS5.3AI score0.00335EPSS

Exploits0References6

seebug.org•added 2014/07/01 12:0 a.m.•17 views

Campsite 3.3.5 - CSRF Vulnerability

No description provided by source. ======================================================================= campsite 3.3.5 CSRF Vulnerability ======================================================================= by Pratul Agrawal Vulnerability found in- Admin module email [email protected]...

7.1AI score

Exploits0

UbuntuCve•added 2014/06/11 2:55 p.m.•23 views

CVE-2014-4037

Cross-site scripting XSS vulnerability in editor/dialog/fckspellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTML via an array key in the textinputs parameter, a different issue than...

4.3CVSS5.9AI score0.00353EPSS

Exploits1References3

UbuntuCve•added 2014/06/03 2:55 p.m.•35 views

CVE-2014-3943

Multiple cross-site scripting XSS vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters...

3.5CVSS5.9AI score0.00208EPSS

Exploits0References4

NVD•added 2014/03/19 2:17 p.m.•14 views

CVE-2013-5953

Multiple cross-site scripting XSS vulnerabilities in tmpl/layouteditevent.php in the Multi Calendar commulticalendar component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 calid or 2 paletteDefault parameter in an...

4.3CVSS5.9AI score0.00359EPSS

Exploits2References4

UbuntuCve•added 2014/02/13 12:0 a.m.•24 views

CVE-2013-1070

Cross-site scripting XSS vulnerability in the API in Ubuntu Metal as a Service MaaS 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/...

4.3CVSS6AI score0.00336EPSS

Exploits1References2

NVD•added 2014/02/05 3:10 p.m.•14 views

CVE-2013-1466

Multiple cross-site scripting XSS vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the 1 subject parameter to profiles.php; 2 address1, 3 address2, 4 calendartype, 5 city, 6 state, 7 title, 8 url, or 9 zipcode parameter to...

4.3CVSS5.7AI score0.08713EPSS

Exploits5References7

NVD•added 2013/12/05 6:55 p.m.•11 views

CVE-2013-6267

Multiple cross-site scripting XSS vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the 1 box parameter to messaging/messagebox.php, cidToEdit parameter to 2 adminregisteruser.php or 3 adminusercoursesettings.php in admin/, 4 moduleid...

4.3CVSS5.7AI score0.00515EPSS

Exploits3References7

UbuntuCve•added 2013/11/05 8:55 p.m.•19 views

CVE-2013-4453

Cross-site scripting XSS vulnerability in templates/login.php in LDAP Account Manager LAM 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter...

4.3CVSS5.9AI score0.00475EPSS

Exploits0References1

UbuntuCve•added 2013/07/20 3:37 a.m.•30 views

CVE-2013-1879

Cross-site scripting XSS vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."...

4.3CVSS7AI score0.05475EPSS

Exploits1References1

NVD•added 2012/09/06 5:55 p.m.•10 views

CVE-2012-4870

Multiple cross-site scripting XSS vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 context parameter to panel/indexamp.php or 2 panel/dhtml/index.php; 3 clid or 4 clidname parameters to panel/flash/mypage.php; 5 PATHINFO to...

4.3CVSS5.8AI score0.11755EPSS

Exploits1References8

Cvelist•added 2012/08/31 9:0 p.m.•21 views

CVE-2011-5149

Multiple cross-site scripting XSS vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 testaddr or 2 testpass parameter to auth-settings.php; 3 hostname, 4 domainname, or 5 mailserver parameter to setup-relay.php; or 6 subnetmask or...

5.7AI score0.03751EPSS

Exploits1References7

NVD•added 2012/08/14 11:55 p.m.•10 views

CVE-2012-2076

Cross-site scripting XSS vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors...

2.1CVSS5.3AI score0.00259EPSS

Exploits0References8

OpenVAS•added 2012/08/10 12:0 a.m.•31 views

Debian Security Advisory DSA 2506-1 (libapache-mod-security)

The remote host is missing an update to libapache-mod-security announced via advisory DSA 2506-1. OpenVAS Vulnerability Test $Id: deb25061.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2506-1 libapache-mod-security Authors: Thomas Reinke Copyright:...

4.3CVSS0.4AI score0.01943EPSS

Exploits2

Cvelist•added 2012/07/12 7:0 p.m.•20 views

CVE-2012-3805

Multiple cross-site scripting XSS vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 absendername, 2 absenderemail, or 3 absendernachricht parameter to the content page; 4...

5.7AI score0.00868EPSS

Exploits3References5

UbuntuCve•added 2011/10/21 6:55 p.m.•16 views

CVE-2011-4024

Cross-site scripting XSS vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.10895EPSS

Exploits6References1

UbuntuCve•added 2011/04/27 12:55 a.m.•20 views

CVE-2011-1587

Cross-site scripting XSS vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? question mark in a query string,...

4.3CVSS5.8AI score0.00223EPSS

Exploits0References1

UbuntuCve•added 2011/03/29 6:55 p.m.•16 views

CVE-2011-0728

Cross-site scripting XSS vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view...

3.5CVSS5.9AI score0.00421EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by