CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

Veracode•added 2026/02/20 9:21 a.m.•3 views

Cross Site Scripting (XSS)

Agora is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input handling of the topicName parameter in client/agora/public/js/editorManager.js, which allows an attacker to inject malicious scripts that execute in a user’s browser...

6.4CVSS6AI score0.00171EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2025/08/09 12:23 a.m.•3 views

CVE-2025-55133

In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via topicName in client/agora/public/js/editorManager.js...

6.4CVSS5.7AI score0.00171EPSS

Exploits0References1

CNNVD•added 2025/08/07 12:0 a.m.•2 views

agora 跨站脚本漏洞

agora is a cloud-based learning and research platform open-sourced by the Agora Foundation. A cross-site scripting vulnerability exists in versions prior to agora fall23-Alpha1 b087490, which stems from the topicName parameter in editorManager.js being susceptible to cross-site scripting attacks...

6.4CVSS6AI score0.00171EPSS

Exploits0References2

CNNVD•added 2023/01/01 12:0 a.m.•1 views

ntpd_driver 代码注入漏洞

ntpddriver is a library from Vladimir Ermakov's personal developer. Converts ROS TimeReference messages to ntpd shm format. A security vulnerability exists in ntpddriver versions prior to 1.3.0, 2.x series prior to 2.2.0, which stems from the fact that the topic nam depends on the timereftopic...

9.8CVSS8.4AI score0.00451EPSS

Exploits1References4

CNNVD•added 2022/10/13 12:0 a.m.•1 views

Liferay DXP 跨站脚本漏洞

Liferay DXP is a digital experience collaboration platform from Liferay, Inc. A security vulnerability exists in Liferay DXP version 7.3.10 SP3, Liferay Portal versions 7.3.0 through 7.4.0, which originates from a vulnerability that could allow a remote attacker to inject arbitrary JS script or...

5.4CVSS5.9AI score0.0023EPSS

Exploits1References4

RedHat Linux•added 2020/12/08 8:55 a.m.•3 views

activemq: remote XSS in web console diagram plugin

A flaw was found in activemq. A specifically crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info...

6.1CVSS5.8AI score0.02552EPSS

Exploits0References4

OSV•added 2019/09/19 2:15 p.m.•1 views

ALPINE-CVE-2019-11779

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur...

6.5CVSS7.2AI score0.16327EPSS

Exploits0References1

NVD•added 2019/08/18 4:15 p.m.•7 views

CVE-2019-15137

The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows fnmatch pattern matches with topic name strings instead of the permission expressions themselves, which can lead to unintended connections between participants in a Data Distribution Service DDS network...

7.5CVSS7.4AI score0.00237EPSS

Exploits0References2

Prion•added 2006/02/10 11:2 a.m.•11 views

Cross site scripting

Cross-site scripting XSS vulnerability in WiredRed e/pop Web Conferencing 4.1.0.755 allows remote authenticated users to inject arbitrary web script or HTML via the topic name of a conference...

4.3CVSS5.6AI score0.00527EPSS

Exploits0References7Affected Software1

NVD•added 2006/01/09 11:3 a.m.•8 views

CVE-2006-0124

Cross-site scripting XSS vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field...

4.3CVSS5.7AI score0.00731EPSS

Exploits1References7

Cvelist•added 2006/01/09 11:0 a.m.•13 views

CVE-2006-0124

5.7AI score0.00731EPSS

Exploits1References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by