19 matches found
AVideo Affected by Stored XSS via Unescaped Video Title in CDN downloadButtons.php
Summary: WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any escaping, allowing an attacker who can create or modify a video to...
EUVD-2018-0543
Malware in sbrugna...
Security Bulletin: Due to use of Dojo Toolkit before 1.14 in IBM Tivoli Network Manager is vulnerable to unescaped string injection in dojox/Grid/DataGrid (CVE-2018-15494)
Summary: In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. dojox/grid/Builder.js and dojox/grid/cells/base.js, providing the class dojox/Grid/DataGrid, are affected by CVE-2018-15494, an unescaped string injection vulnerability. Vulnerability Details: CVEID:...
Security Bulletin: Vulnerability in Dojo Toolkit affecting Watson Knowledge Catalog for IBM Cloud Pak for Data
Summary: Unescaped string injection in dojox/Grid/DataGrid is affecting some of the Watson Knowledge Catalog for IBM Cloud Pak for Data web UIs. Vulnerability Details: CVEID: CVE-2018-15494. DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-suppli...
Security Bulletin: Various security vulnerabilities in IBM Financial Transaction Manager for SWIFT Services
Summary: Various security vulnerabilities in IBM Financial Transaction Manager for SWIFT Services could allow a remote attacker to gain access to unauthorized actions and data. Vulnerability Details: CVEID: CVE-2018-15494. DESCRIPTION: In Dojo Toolkit before 1.14, there is unescaped string injection...
DEBIAN-CVE-2019-11025
In clearFilter in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS...
dojox vulnerable to unescaped string injection
In Dojo Toolkit before 1.14.0, there is unescaped string injection in dojox/Grid/DataGrid...
Cross-site Scripting (XSS)
primefaces-extensions is vulnerable to cross-site scripting (XSS) attacks. The library does not escape the string input when setting the menuItem label, allowing a malicious user to inject and execute arbitrary JavaScript...
CVE-2018-15494
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...
CVE-2018-15494
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...
DEBIAN-CVE-2018-15494
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...
CVE-2018-15494
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...
CVE-2018-15494
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...
CVE-2018-15494
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid...
CVE-2018-15494
CVE-2018-15494: Dojo Toolkit’s DataGrid in Dojo before 1.14 is vulnerable to unescaped string injection, enabling cross‑site scripting. Affected component is dojox/Grid/DataGrid; impact is client-side script execution in the context of the hosting page. The public fix is to upgrade to Dojo 1.14 o...
Command injection
Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter...
CVE-2018-3757
Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter...
CVE-2018-3757
Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter...
CVE-2018-3757
Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter...