CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5210 matches found

Cvelist•added 2022/10/31 12:0 a.m.•12 views

CVE-2022-40487

ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...

6.4AI score0.00496EPSS

Exploits0References2

NVD•added 2022/10/28 5:15 p.m.•7 views

CVE-2022-43169

A stored cross-site scripting XSS vulnerability in the Users Access Groups feature /index.php?module=usersgroups/usersgroups of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New...

5.4CVSS0.07331EPSS

Exploits1References1

NVD•added 2022/10/28 5:15 p.m.•7 views

CVE-2022-43170

A stored cross-site scripting XSS vulnerability in the Dashboard Configuration feature index.php?module=dashboardconfigure/index of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Ad...

5.4CVSS0.05444EPSS

Exploits1References1

NVD•added 2022/10/28 5:15 p.m.•12 views

CVE-2022-43164

A stored cross-site scripting XSS vulnerability in the Global Lists feature /index.php?module=globallists/lists of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add"...

5.4CVSS0.05971EPSS

Exploits1References1

NVD•added 2022/10/28 5:15 p.m.•8 views

CVE-2022-2864

The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the /includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and...

8.8CVSS0.00182EPSS

Exploits0References3

Prion•added 2022/10/28 5:15 p.m.•9 views

Cross site scripting

4.9CVSS5.1AI score0.05971EPSS

Exploits1References1Affected Software1

Prion•added 2022/10/28 5:15 p.m.•14 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in the Global Entities feature /index.php?module=entities/entities of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity"...

4.9CVSS5.1AI score0.04456EPSS

Exploits1References1Affected Software1

Cvelist•added 2022/10/28 4:52 p.m.•10 views

CVE-2022-2864

8.8CVSS8.5AI score0.00182EPSS

Exploits0References3

Vulnrichment•added 2022/10/28 12:0 a.m.•13 views

CVE-2022-43169

5.3AI score0.07331EPSS

Exploits1References1

Vulnrichment•added 2022/10/28 12:0 a.m.•13 views

CVE-2022-43166

5.3AI score0.04456EPSS

Exploits1References1

Vulnrichment•added 2022/10/28 12:0 a.m.•4 views

CVE-2022-43167

A stored cross-site scripting XSS vulnerability in the Users Alerts feature /index.php?module=usersalerts/usersalerts of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add"...

5.3AI score0.05917EPSS

Exploits1References1

NVD•added 2022/10/27 12:15 p.m.•6 views

CVE-2022-42992

Multiple stored cross-site scripting XSS vulnerabilities in Train Scheduler App v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields...

5.4CVSS0.00406EPSS

Exploits1References3

Prion•added 2022/10/27 12:15 p.m.•13 views

Cross site scripting

4.9CVSS5.3AI score0.00406EPSS

Exploits1References3Affected Software1

Cvelist•added 2022/10/27 12:0 a.m.•10 views

CVE-2022-32407

Softr v2.0 was discovered to contain a Cross-Site Scripting XSS vulnerability via the First Name parameter under the Create A New Account module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6AI score0.00247EPSS

Exploits1References2

Cvelist•added 2022/10/27 12:0 a.m.•13 views

CVE-2022-42992

5.6AI score0.00406EPSS

Exploits1References3

Cvelist•added 2022/10/20 12:0 a.m.•16 views

CVE-2022-41358

A stored cross-site scripting XSS vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php...

5.4AI score0.0106EPSS

Exploits4References6

NVD•added 2022/10/19 2:15 p.m.•6 views

CVE-2022-43185

A stored cross-site scripting XSS vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...

5.4CVSS0.04792EPSS

Exploits1References1

Prion•added 2022/10/19 2:15 p.m.•12 views

Cross site scripting

4.9CVSS5.2AI score0.04792EPSS

Exploits1References1Affected Software1

NVD•added 2022/10/17 9:15 p.m.•9 views

CVE-2022-41431

xzs v3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

5.4CVSS0.00406EPSS

Exploits1References4

Prion•added 2022/10/17 9:15 p.m.•17 views

Cross site scripting

4.9CVSS5.3AI score0.00406EPSS

Exploits1References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by