CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13393 matches found

OSV•added 2022/05/17 1:55 a.m.•22 views

GHSA-9HW3-4GVP-8MV5 TYPO3 Cross-site scripting (XSS) vulnerability in the click enlarge functionality

Cross-site scripting XSS vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

2.6CVSS5.4AI score0.0065EPSS

Exploits0References10

Github Security Blog•added 2022/05/17 1:55 a.m.•23 views

TYPO3 Cross-site scripting (XSS) vulnerability in the FORM content object

Cross-site scripting XSS vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.6AI score0.00393EPSS

Exploits0References13Affected Software1

OSV•added 2022/05/17 1:49 a.m.•17 views

GHSA-CMPM-JG8R-FV37 Apache Struts Multiple Cross-site Scripting Vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 lastName parameter to struts2-showcase/person/editPerson.action, or the 3 clientName parameter to struts2-rest-showcase/orders...

4.3CVSS5.4AI score0.76165EPSS

Exploits1References5

Github Security Blog•added 2022/05/17 1:49 a.m.•21 views

Apache Struts Multiple Cross-site Scripting Vulnerabilities

4.3CVSS6AI score0.76165EPSS

Exploits1References6Affected Software1

OSV•added 2022/05/17 1:48 a.m.•17 views

GHSA-J5FJ-M342-MGCM Fork CMS Multiple XSS Vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the 1 type or 2 querystring parameters to private/en/error or 3 name parameter to private/en/locale/index...

4.3CVSS5.5AI score0.11318EPSS

Exploits2References8

OSV•added 2022/05/17 1:46 a.m.•18 views

GHSA-QFR3-29W6-HWPG Typo3 Exception Handler XSS

Cross-site scripting XSS vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages...

4.3CVSS5.3AI score0.00503EPSS

Exploits0References9

OSV•added 2022/05/17 1:43 a.m.•22 views

GHSA-7W6C-5PR4-7QVP Typo3 Backend XSS Vulnerability

Multiple cross-site scripting XSS vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.1AI score0.00522EPSS

Exploits0References5

Github Security Blog•added 2022/05/17 1:43 a.m.•24 views

Typo3 Install Tool XSS Vulnerability

Cross-site scripting XSS vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.00248EPSS

Exploits0References6Affected Software1

Github Security Blog•added 2022/05/17 1:37 a.m.•15 views

Roundup Cross-site scripting (XSS) vulnerability

Cross-site Scripting XSS vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1...

4.3CVSS5.7AI score0.00407EPSS

Exploits0References11Affected Software1

Github Security Blog•added 2022/05/17 1:37 a.m.•24 views

Roundup Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter...

4.3CVSS6AI score0.00256EPSS

Exploits0References7Affected Software1

Github Security Blog•added 2022/05/17 1:37 a.m.•13 views

Roundup Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link...

4.3CVSS6AI score0.00407EPSS

Exploits0References9Affected Software1

OSV•added 2022/05/17 1:37 a.m.•17 views

GHSA-W563-RQ37-CVQ5 Typo3 Backend History Module Vulnerable to XSS

Cross-site scripting XSS vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5AI score0.00196EPSS

Exploits0References4

OSV•added 2022/05/17 1:37 a.m.•17 views

GHSA-QMMW-CH2Q-J6XX Typo3 Backend API XSS Vulnerability

Cross-site scripting XSS vulnerability in the tree render API TCA-Tree in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5AI score0.00196EPSS

Exploits0References5

Github Security Blog•added 2022/05/17 1:37 a.m.•16 views

Typo3 Backend History Module Vulnerable to XSS

3.5CVSS5.6AI score0.00196EPSS

Exploits0References5Affected Software1

Github Security Blog•added 2022/05/17 1:37 a.m.•21 views

Typo3 Backend API XSS Vulnerability

3.5CVSS5.6AI score0.00196EPSS

Exploits0References5Affected Software1

OSV•added 2022/05/17 1:33 a.m.•17 views

GHSA-4894-5VQC-6R2R Django cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget

Cross-site scripting XSS vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField...

6.1CVSS5.2AI score0.00809EPSS

Exploits2References10

Github Security Blog•added 2022/05/17 1:33 a.m.•43 views

Django cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget

4.3CVSS5.2AI score0.00809EPSS

Exploits2References10Affected Software1

OSV•added 2022/05/17 1:33 a.m.•28 views

GHSA-RVRJ-J7CC-236P DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter

Cross-site scripting XSS vulnerability in DotNetNuke DNN before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the dnnVariable parameter to the default URI...

4.3CVSS5.4AI score0.00269EPSS

Exploits2References6

OSV•added 2022/05/17 1:29 a.m.•19 views

GHSA-R8M7-792J-5JVQ TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component

Multiple cross-site scripting XSS vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified...

3CVSS5.1AI score0.00335EPSS

Exploits0References9

Github Security Blog•added 2022/05/17 1:29 a.m.•23 views

TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework

Cross-site scripting XSS vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers t...

2.6CVSS5.9AI score0.00486EPSS

Exploits0References8Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by