CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27433 matches found

CNVD•added 2023/07/31 12:0 a.m.•17 views

Availability Booking Calendar PHP Cross Site Scripting Vulnerability

Availability Booking Calendar PHP is GZ Scripts open source an availability booking calendar system . Availability Booking Calendar PHP v1.0 version of a cross-site scripting vulnerability , the vulnerability stems from the file index.php parameter promocode on the user-supplied data lack of...

5.4CVSS6.6AI score0.00502EPSS

Exploits1References1

CNVD•added 2023/07/27 12:0 a.m.•9 views

Diafan CMS Cross-Site Scripting Vulnerability

Diafan CMS is a website builder from Diafan. It is used to create online stores. A cross-site scripting vulnerability exists in Diafan CMS v6.0, which originates from the lack of effective filtering and escaping of user-supplied data in the catid parameter of /shop/?module=shop&action=search, whi...

6.1CVSS6.3AI score0.00493EPSS

Exploits1References1

CNVD•added 2023/07/27 12:0 a.m.•20 views

BloodBank Cross-Site Scripting Vulnerability

BloodBank is a responsive blood bank and donor content management system CMS. A cross-site scripting vulnerability exists in BloodBank version 1.1, which stems from a lack of effective filtering and escaping of user-supplied data in the file page.php, and can be exploited by an attacker to execut...

5.8CVSS6.2AI score0.00317EPSS

Exploits0Affected Software1

CNVD•added 2023/07/27 12:0 a.m.•12 views

Boom CMS Cross-Site Scripting Vulnerability

Boom CMS is a website builder from Boom CMS in the UK. Boom CMS version 8.0.7 suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data in the title/description parameter of the assets-manager component, which can be...

5.4CVSS6.4AI score0.00519EPSS

Exploits1References1

CNNVD•added 2023/07/26 12:0 a.m.•3 views

Trudesk 跨站脚本漏洞

Trudesk is an open source helpdesk/ticketing solution from Trudesk, Inc. A security vulnerability exists in Trudesk version 1.2.2 that stems from the presence of a cross-site scripting XSS vulnerability. An attacker can exploit this vulnerability to execute arbitrary web script or HTML code via a...

6.1CVSS6.4AI score0.00357EPSS

Exploits0References3

Vulnrichment•added 2023/07/26 12:0 a.m.•18 views

CVE-2022-31455

A cross-site scripting XSS vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box...

5.8AI score0.00357EPSS

Exploits0References2

Veracode•added 2023/07/23 2:44 p.m.•12 views

Cross-site Scripting (XSS)

odoo is vulnerable to Cross-site scripting XSS. The vulnerability allows a malicious attacker to inject arbitrary web script into a users browser by posting crafted content...

6.1CVSS6.4AI score0.00557EPSS

Exploits0References3Affected Software1

CNVD•added 2023/07/17 12:0 a.m.•18 views

Discourse cross-site scripting vulnerability (CNVD-2023-60471)

Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. Discourse suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which ca...

6.8CVSS6.3AI score0.00347EPSS

Exploits0References1

CNVD•added 2023/07/16 12:0 a.m.•18 views

Geeklog Cross-Site Scripting Vulnerability

Geeklog is open source software that can be used as a Weblog, CMS or Web Portal. Geeklog suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary w...

4.8CVSS6.6AI score0.00456EPSS

Exploits1References1

CNVD•added 2023/07/16 12:0 a.m.•13 views

ImpressCMS Cross-Site Scripting Vulnerability (CNVD-2023-59104)

ImpressCMS is a MySQL-based, modular content management system CMS. The system includes modules for press releases, forums and photo albums. A cross-site scripting vulnerability exists in ImpressCMS v1.4.5 and earlier versions, which stems from the lack of effective filtering and escaping of...

4.8CVSS6.3AI score0.00395EPSS

Exploits1References1

CNVD•added 2023/07/12 12:0 a.m.•15 views

TeamPass cross-site scripting vulnerability (CNVD-2023-67077)

TeamPass is an open source password manager. TeamPass 3.0.10 prior to the version of the cross-site scripting vulnerability , the vulnerability stems from the Default session expiration time function of the user-supplied data lack of effective filtering and escaping , the vulnerability can be...

4.9CVSS7.1AI score0.00526EPSS

Exploits1Affected Software1

CNVD•added 2023/07/10 12:0 a.m.•32 views

Cisco Webex Meetings Cross-Site Scripting Vulnerability (CNVD-2023-62934)

Cisco Webex Meetings is a set of video conferencing solutions from Cisco USA. Cisco Webex Meetings suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web...

4.9CVSS6.3AI score0.00517EPSS

Exploits0

CNVD•added 2023/07/10 12:0 a.m.•12 views

BageCMS Cross-Site Scripting Vulnerability

BageCMS is a cross-platform content management system CMS based on PHP and MySQL by the BageCMS team in China. A cross-site scripting vulnerability exists in BageCMS v3.1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the custom settings module, and can ...

5.4CVSS6.4AI score0.00297EPSS

Exploits1References1

NVD•added 2023/07/07 4:15 p.m.•12 views

CVE-2023-29998

A Cross-site scripting XSS vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter...

5.4CVSS5.3AI score0.00454EPSS

Exploits1References2

Prion•added 2023/07/07 4:15 p.m.•15 views

Cross site scripting

4.9CVSS5.3AI score0.00454EPSS

Exploits1References2Affected Software1

Cvelist•added 2023/07/07 12:0 a.m.•18 views

CVE-2023-29998

5.5AI score0.00454EPSS

Exploits1References2

OSV•added 2023/07/06 3:15 p.m.•3 views

CVE-2023-37122

A stored cross-site scripting XSS vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module...

5.4CVSS5.9AI score0.00297EPSS

Exploits1References1

NVD•added 2023/07/06 3:15 p.m.•13 views

CVE-2023-36970

A Cross-site scripting XSS vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function...

5.4CVSS5.4AI score0.00469EPSS

Exploits1References1

Prion•added 2023/07/06 3:15 p.m.•20 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.9CVSS5.2AI score0.00325EPSS

Exploits1References1Affected Software1

Prion•added 2023/07/06 3:15 p.m.•21 views

Cross site scripting

A Cross-site scripting XSS vulnerability in CMS Made Simple v2.2.17 allows remote attackers to inject arbitrary web script or HTML via the File Upload function...

4.9CVSS5.4AI score0.00469EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by