13393 matches found

Github Security Blog
added 2022/05/24 5:7 p.m. | 11 views

Dolibarr cross-site scripting (XSS) vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) labellibelle parameter to the /htdocs/admin/dict.php?id=3 page; the (2) nameconstname parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3)...

CVSS 6.1 | AI score 6.1 | EPSS 0.00542
Exploits: 1 | References: 4 | Affected Software: 1
Github Security Blog
added 2022/05/24 4:51 p.m. | 26 views

SunHater KCFinder cross-site scripting (XSS) vulnerability in upload.php

A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter...

CVSS 6.1 | AI score 5.8 | EPSS 0.00189
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2022/05/24 4:51 p.m. | 15 views

GHSA-VWH5-78JC-HPJX SunHater KCFinder cross-site scripting (XSS) vulnerability in upload.php

A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter...

CVSS 6.1 | AI score 5.9 | EPSS 0.00189
Exploits: 1 | References: 4
Cvelist
added 2022/05/17 10:47 a.m. | 14 views

CVE-2021-42943

Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan v4.92b allows remote attackers to inject arbitrary web script or HTML via the userid parameter...

AI score 5.5 | EPSS 0.00143
Exploits: 1 | References: 1
Github Security Blog
added 2022/05/17 5:52 a.m. | 20 views

Apache Struts is vulnerable to Cross-site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2)...

CVSS 4.3 | AI score 6 | EPSS 0.0143
Exploits: 0 | References: 10 | Affected Software: 1
OSV
added 2022/05/17 5:50 a.m. | 18 views

GHSA-QJ7X-WM9Q-QJX8 Plone Cross-site Scripting vulnerability in PortalTransforms

Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.5 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safehtml transform...

CVSS 6.1 | AI score 5.3 | EPSS 0.00392
Exploits: 0 | References: 6
Github Security Blog
added 2022/05/17 5:49 a.m. | 15 views

HTML Purifier Cross-site Scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 5.3 | EPSS 0.00467
Exploits: 0 | References: 11 | Affected Software: 1
OSV
added 2022/05/17 5:49 a.m. | 15 views

GHSA-6RM6-MJMH-86JQ HTML Purifier Cross-site Scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 5.3 | EPSS 0.00467
Exploits: 0 | References: 11
Github Security Blog
added 2022/05/17 5:49 a.m. | 22 views

MoinMoin Cross-site Scripting (XSS) vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5)...

CVSS 4.3 | AI score 6 | EPSS 0.01315
Exploits: 1 | References: 19 | Affected Software: 1
Github Security Blog
added 2022/05/17 5:49 a.m. | 24 views

MoinMoin cross-site scripting (XSS) vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to...

CVSS 4.3 | AI score 6.2 | EPSS 0.00598
Exploits: 0 | References: 15 | Affected Software: 1
Github Security Blog
added 2022/05/17 5:49 a.m. | 21 views

MoinMoin cross-site scripting (XSS) vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/languagesetup.py, a similar issue to CVE-2010-2487...

CVSS 4.3 | AI score 6.2 | EPSS 0.00598
Exploits: 0 | References: 15 | Affected Software: 1
Github Security Blog
added 2022/05/17 5:48 a.m. | 22 views

Drupal cross-site scripting vulnerability via actions feature and trigger module

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the...

CVSS 2.1 | AI score 5.7 | EPSS 0.00218
Exploits: 0 | References: 8 | Affected Software: 1
OSV
added 2022/05/17 5:48 a.m. | 22 views

GHSA-PJMX-4GC6-HWV8 Drupal cross-site scripting vulnerability via actions feature and trigger module

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the...

CVSS 2.1 | AI score 6 | EPSS 0.00218
Exploits: 0 | References: 8
Github Security Blog
added 2022/05/17 5:40 a.m. | 18 views

Plone XSS Vulnerability

Cross-site scripting (XSS) vulnerability in skins/plonetemplates/defaulterrormessage.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the typename parameter to Members/ipa/createObject...

CVSS 4.3 | AI score 5.9 | EPSS 0.00286
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2022/05/17 5:40 a.m. | 11 views

GHSA-CVWC-G7FW-7XRJ Plone XSS Vulnerability

Cross-site scripting (XSS) vulnerability in skins/plonetemplates/defaulterrormessage.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the typename parameter to Members/ipa/createObject...

CVSS 4.3 | AI score 5.5 | EPSS 0.00286
Exploits: 1 | References: 5
Github Security Blog
added 2022/05/17 5:23 a.m. | 28 views

Typo3 Backend XSS Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

CVSS 3.5 | AI score 5.7 | EPSS 0.00287
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2022/05/17 5:23 a.m. | 22 views

GHSA-7WWR-P84Q-QR3Q Typo3 Backend XSS Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

CVSS 3.5 | AI score 5.1 | EPSS 0.00287
Exploits: 0 | References: 5
Github Security Blog
added 2022/05/17 5:22 a.m. | 12 views

Silverstripe XSS Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via 1. a crafted string to the AbsoluteLinks 1. BigSummary 1. ContextSummary 1. EscapeXML 1. FirstParagraph 1. FirstSentence 1...

CVSS 4.3 | AI score 6 | EPSS 0.00295
Exploits: 1 | References: 9 | Affected Software: 1
Github Security Blog
added 2022/05/17 5:17 a.m. | 16 views

MoinMoin Cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in the rsslink function in theme/init.py in MoinMoin before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link...

CVSS 4.3 | AI score 5.9 | EPSS 0.00407
Exploits: 1 | References: 9 | Affected Software: 1
Github Security Blog
added 2022/05/17 5:16 a.m. | 22 views

phpMyAdmin multiple cross-site scripting vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger...

CVSS 3.5 | AI score 5.6 | EPSS 0.00208
Exploits: 1 | References: 7 | Affected Software: 1