
5210 matches found

Prion
added 2022/07/18 5:15 p.m., 14 views

Cross site request forgery (csrf)

The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. This is due to missing nonce protection on the FreemindOptions function found in the /freemind-wp-browser.php file. This makes it possible for unauthenticated attackers t...

6.8 CVSS, 8.4 AI score, 0.00286 EPSS
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2022/07/18 4:17 p.m., 4 views

CVE-2022-2001

The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the dxssadminpage function found in the /dx-share-selection.php file. This makes it possible for unauthenticated attackers to...

8.8 CVSS, 8.5 AI score, 0.00309 EPSS
Exploits 0, References 5
Cvelist
added 2022/07/18 4:16 p.m., 12 views

CVE-2022-1912 Button Widget Smartsoft <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting

The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbuttonsettings page. This makes it possible for unauthenticated attackers to update the plugins settings an...

8.8 CVSS, 8.5 AI score, 0.00252 EPSS
Exploits 0, References 3
CNVD
added 2022/07/15 12:0 a.m., 20 views

Fast Food Ordering System cross-site scripting vulnerability

Fast Food Ordering System is a fast food ordering system. Version 1.0 of Fast Food Ordering System is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to inject malicious web scripts...

5.4 CVSS, 2.3 AI score, 0.00181 EPSS
Exploits 0, References 1
NVD
added 2022/07/13 4:15 p.m., 10 views

CVE-2022-32074

A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file...

5.4 CVSS, 0.00975 EPSS
Exploits 0, References 3
GitHub Security Blog
added 2022/07/09 12:0 a.m., 25 views

Known v1.3.1 Cross-site Scripting

A cross-site scripting (XSS) vulnerability in Known v1.3.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last...

5.4 CVSS, 5.1 AI score, 0.00434 EPSS
Exploits 1, References 6, Affected Software 1
OSV
added 2022/07/09 12:0 a.m., 11 views

GHSA-G688-7J3C-H9F3 Known v1.3.1 Cross-site Scripting

A cross-site scripting (XSS) vulnerability in Known v1.3.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last...

5.4 CVSS, 5.2 AI score, 0.00434 EPSS
Exploits 1, References 5
Prion
added 2022/07/08 12:15 p.m., 18 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field...

3.5 CVSS, 5.2 AI score, 0.00434 EPSS
Exploits 1, References 4, Affected Software 1
Cvelist
added 2022/07/08 11:10 a.m., 24 views

CVE-2022-31290

A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field...

5.3 AI score, 0.00434 EPSS
Exploits 1, References 4
NVD
added 2022/07/07 7:15 p.m., 8 views

CVE-2022-33098

Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1 CVSS, 0.00835 EPSS
Exploits 3, References 1
Prion
added 2022/07/07 7:15 p.m., 10 views

Cross site scripting

Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.3 CVSS, 5.9 AI score, 0.00835 EPSS
Exploits 3, References 1, Affected Software 1
Cvelist
added 2022/07/07 6:58 p.m., 13 views

CVE-2022-33098

Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1 AI score, 0.00835 EPSS
Exploits 3, References 1
CNNVD
added 2022/07/06 12:0 a.m., 2 views

Cisco Unified Communications Manager cross-site scripting vulnerability

Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting...

6.1 CVSS, 5.5 AI score, 0.0032 EPSS
Exploits 0, References 7
NVD
added 2022/07/05 6:15 p.m., 12 views

CVE-2022-33075

A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors...

5.4 CVSS, 0.00187 EPSS
Exploits 2, References 3
Prion
added 2022/07/05 6:15 p.m., 15 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors...

3.5 CVSS, 5.3 AI score, 0.00187 EPSS
Exploits 2, References 3, Affected Software 1
Cvelist
added 2022/07/05 5:33 p.m., 13 views

CVE-2022-33075

A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors...

5.4 AI score, 0.00187 EPSS
Exploits 2, References 3
Prion
added 2022/06/30 1:15 p.m., 13 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file...

3.5 CVSS, 5.3 AI score, 0.00206 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2022/06/30 12:13 p.m., 16 views

CVE-2022-33043

A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file...

5.5 AI score, 0.00206 EPSS
Exploits 1, References 1
Cvelist
added 2022/06/27 10:28 p.m., 13 views

CVE-2022-33009

A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file...

5.2 AI score, 0.00334 EPSS
Exploits 1, References 3
CVE
added 2022/06/27 8:56 p.m., 64 views

CVE-2022-33005

Delta Electronics DIAEnergie v1.08.00 contains an XSS vulnerability in the System Settings/IOT Settings module, exploitable via a crafted payload in the Name field. The issue is described across multiple sources (including CVE-2022-33005 entries and Red Hat advisory) as a cross-site scripting fla...

6.1 CVSS, 5.8 AI score, 0.0024 EPSS
Exploits 1, References 1, Affected Software 1