CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

35 matches found

RedhatCVE•added 2025/10/31 10:7 p.m.•2 views

CVE-2021-47691

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities via the Services page affecting the configname and servicedescription fields. Insufficient validation or escaping of user-supplied input may allow an...

5.4CVSS6.4AI score0.00478EPSS

Exploits0References1

EUVD•added 2025/10/31 12:30 a.m.•2 views

EUVD-2021-34707

5.1CVSS5.8AI score0.00478EPSS

Exploits0References3

NVD•added 2025/10/30 10:15 p.m.•1 views

CVE-2021-47691

5.4CVSS0.00478EPSS

Exploits0References2

OSV•added 2025/10/30 10:15 p.m.•0 views

CVE-2021-47691

5.4CVSS5.9AI score

Exploits0References2

Cvelist•added 2025/10/30 9:36 p.m.•3 views

CVE-2021-47691 Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Services Page

5.1CVSS0.00478EPSS

Exploits0References2

CVE•added 2025/10/30 9:36 p.m.•8 views

CVE-2021-47691

The Nagios XI Core Config Manager (CCM) is affected by cross-site scripting (XSS) vulnerabilities in CCM prior to 3.1.1 and Nagios XI prior to 5.8.2. The issue arises from insufficient validation/escaping of user-supplied input in the Services page, specifically the config_name and service_descri...

5.4CVSS5.9AI score0.00478EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2025/10/30 9:36 p.m.•2 views

CVE-2021-47691 Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Services Page

5.1CVSS5.9AI score0.00478EPSS

Exploits0References2

Positive Technologies•added 2025/10/30 12:0 a.m.•3 views

PT-2025-44475

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.8.2 Core Config Manager CCM versions prior to 3.1.1 Description The Core Config Manager CCM in Nagios XI is susceptible to cross-site scripting XSS issues through the Services page. The config name and service...

5.4CVSS6.1AI score0.00478EPSS

Exploits0References4

Vulnrichment•added 2025/10/27 3:7 p.m.•2 views

CVE-2025-10023 A user with elevated privileges can inject XSS in the Services Meta-services configuration page

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring Services Meta-services modules allows Stored XSS by users with elevated privileges.This issue affects Infra Monitoring: from 24.10.0 before 24.10.9, from 24.04.0...

6.2CVSS5.1AI score0.0002EPSS

Exploits0References2

OSV•added 2025/10/08 8:15 p.m.•3 views

CVE-2025-11503

A vulnerability was determined in PHPGurukul Beauty Parlour Management System 1.1. This issue affects some unknown processing of the file /admin/manage-services.php. Executing a manipulation of the argument delid can lead to sql injection. The attack may be performed from remote. The exploit has...

9.8CVSS5.7AI score

Exploits0References5

OSV•added 2024/10/24 7:15 p.m.•3 views

CVE-2024-48427

A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in /mpms/admin/?page=services/manageservice&id...

8.8CVSS6.1AI score0.17155EPSS

Exploits0References2

CNNVD•added 2024/10/24 12:0 a.m.•1 views

Packers and Movers Management System 安全漏洞

Packers and Movers Management System is a Packers and Movers Management System by Carlo Montero Individual Developer. A security vulnerability exists in Packers and Movers Management System v1.0, which originates from a SQL injection that allows remote authenticated users to execute arbitrary SQL...

8.8CVSS8.3AI score0.17155EPSS

Exploits0References2

Cvelist•added 2024/06/12 12:0 a.m.•21 views

CVE-2024-36840

SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to newsdetails.php and locationdetails.php; and the section parameter to services.php...

0.11554EPSS

Exploits3References6

SUSE CVE•added 2024/06/04 12:44 p.m.•0 views

SUSE CVE-2022-24917

An authenticated user can create a link with reflected Javascript code inside it for services' page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all...

3.7CVSS5.4AI score0.00882EPSS

Exploits0References5

RedHat Linux•added 2021/08/18 9:13 a.m.•1 views

cxf: XSS via the styleSheetPath

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting XSS attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This...

6.1CVSS7.3AI score0.14577EPSS

Exploits0References4

RedHat Linux•added 2021/08/11 6:21 p.m.•0 views

cxf: XSS via the styleSheetPath

6.1CVSS7.3AI score0.14577EPSS

Exploits0References4

OSV•added 2020/11/12 1:15 p.m.•27 views

CVE-2020-13954

6.1CVSS5.6AI score0.14577EPSS

Exploits0References15

NVD•added 2020/11/12 1:15 p.m.•16 views

CVE-2020-13954

6.1CVSS6.2AI score0.14577EPSS

Exploits0References15

Prion•added 2020/11/12 1:15 p.m.•18 views

Cross site scripting

4.3CVSS6.8AI score0.14577EPSS

Exploits0References15Affected Software5

RedHat Linux•added 2020/07/29 6:6 a.m.•0 views

cxf: reflected XSS in the services listing page

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting XSS attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploit...

6.1CVSS7.2AI score0.13981EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by