13393 matches found

Github Security Blog
added 2022/05/17 4:17 a.m. | 23 views

Improper Neutralization of Input During Web Page Generation in Apache Solr

Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object...

4.3 CVSS | 5.6 AI score | 0.01382 EPSS
Exploits 0 | References 3 | Affected Software 1
Github Security Blog
added 2022/05/17 4:17 a.m. | 17 views

ZF-Commons ZfcUser Vulnerable to XSS in Login Redirect

Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter...

4.3 CVSS | 5.9 AI score | 0.00256 EPSS
Exploits 1 | References 7 | Affected Software 1
OSV
added 2022/05/17 4:4 a.m. | 23 views

GHSA-66VJ-393F-HXFV OpenStack Swift Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

4.3 CVSS | 5.3 AI score | 0.00445 EPSS
Exploits 0 | References 11
Github Security Blog
added 2022/05/17 4:4 a.m. | 24 views

OpenStack Swift Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

4.3 CVSS | 5.5 AI score | 0.00445 EPSS
Exploits 0 | References 11 | Affected Software 1
OSV
added 2022/05/17 4:2 a.m. | 22 views

GHSA-9GQJ-PPV2-F2HQ Cross-site Scripting in SmartyException

Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception...

4.3 CVSS | 5.3 AI score | 0.0057 EPSS
Exploits 0 | References 8
Github Security Blog
added 2022/05/17 4:2 a.m. | 31 views

Cross-site Scripting in SmartyException

Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception...

4.3 CVSS | 5.9 AI score | 0.0057 EPSS
Exploits 0 | References 8 | Affected Software 1
Github Security Blog
added 2022/05/17 3:59 a.m. | 17 views

Typo3 XSS Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors...

5.4 CVSS | 5.8 AI score | 0.00222 EPSS
Exploits 0 | References 5 | Affected Software 1
OSV
added 2022/05/17 3:59 a.m. | 10 views

GHSA-56F9-5563-M2H7 Typo3 XSS Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors...

5.4 CVSS | 5.3 AI score | 0.00222 EPSS
Exploits 0 | References 4
Github Security Blog
added 2022/05/17 3:59 a.m. | 21 views

Dolibarr ERP and CRM contain XSS Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php...

5.4 CVSS | 5.7 AI score | 0.00222 EPSS
Exploits 1 | References 7 | Affected Software 1
Github Security Blog
added 2022/05/17 3:59 a.m. | 24 views

Improper Neutralization of Input During Web Page Generation in Apache Solr

Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2)...

6.1 CVSS | 5.8 AI score | 0.02559 EPSS
Exploits 0 | References 3 | Affected Software 1
Github Security Blog
added 2022/05/17 3:58 a.m. | 26 views

Improper Neutralization of Input During Web Page Generation in Apache Solr

Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI...

6.1 CVSS | 5.7 AI score | 0.02074 EPSS
Exploits 0 | References 4 | Affected Software 1
OSV
added 2022/05/17 3:57 a.m. | 18 views

GHSA-WV8G-FX9J-Q2JG phpMyAdmin cross-site scripting Vulnerability via ENUM value

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search...

3.5 CVSS | 5.8 AI score | 0.00339 EPSS
Exploits 0 | References 6
Github Security Blog
added 2022/05/17 3:56 a.m. | 27 views

Cross-site Scripting in Apache Jetspeed

Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal...

6.1 CVSS | 4.2 AI score | 0.02552 EPSS
Exploits 1 | References 4 | Affected Software 1
Github Security Blog
added 2022/05/17 3:53 a.m. | 28 views

Jenkins cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie...

4.3 CVSS | 6 AI score | 0.00137 EPSS
Exploits 0 | References 5 | Affected Software 1
Github Security Blog
added 2022/05/17 3:53 a.m. | 28 views

Improper Neutralization of Input During Web Page Generation in Jenkins

Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts...

5.4 CVSS | 5.6 AI score | 0.00289 EPSS
Exploits 0 | References 5 | Affected Software 1
Github Security Blog
added 2022/05/17 3:50 a.m. | 26 views

Djblets Cross-site scripting Vulnerability via JSON Objects

A cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user...

4.3 CVSS | 5.6 AI score | 0.00588 EPSS
Exploits 1 | References 10 | Affected Software 1
Github Security Blog
added 2022/05/17 3:49 a.m. | 30 views

Eugene Pankov Ajenti Cross-site scripting Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page...

4.3 CVSS | 6 AI score | 0.00367 EPSS
Exploits 1 | References 8 | Affected Software 1
Github Security Blog
added 2022/05/17 3:47 a.m. | 27 views

Drupal Cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception...

6.1 CVSS | 5.7 AI score | 0.0039 EPSS
Exploits 0 | References 7 | Affected Software 2
OSV
added 2022/05/17 3:46 a.m. | 29 views

GHSA-RP9P-863F-9C4H Cross-site Scripting in Apache ActiveMQ

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2)...

4.3 CVSS | 8.1 AI score | 0.02575 EPSS
Exploits 1 | References 9
Github Security Blog
added 2022/05/17 3:38 a.m. | 27 views

Moodle XSS Vulnerability

Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the sadditionalhtmlhead, sadditionalhtmltopofbody, and sadditionalhtmlfooter parameters...

6.1 CVSS | 6.3 AI score | 0.00239 EPSS
Exploits 1 | References 4 | Affected Software 1