CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5210 matches found

CNVD•added 2022/05/16 12:0 a.m.•24 views

Totolink N200RE and N100RE Cross-Site Scripting Vulnerability

Totolink N200RE and Totolink N100RE are routers from Totolink.Totolink N200RE and N100RE are vulnerable to cross-site scripting, which can be exploited by attackers to execute arbitrary web scripts or HTML...

6.1CVSS2.6AI score0.00207EPSS

Exploits0References1

Github Security Blog•added 2022/05/14 3:8 a.m.•17 views

Airbnb Knowledge Repo XSS In Comments

Cross-site scripting XSS vulnerability in Airbnb Knowledge Repo prior to 0.9.0 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/newreport.kp URI...

6.1CVSS6AI score0.00206EPSS

Exploits1References9Affected Software1

OSV•added 2022/05/14 3:8 a.m.•11 views

GHSA-XMW7-848P-P95W Airbnb Knowledge Repo XSS In Comments

6.1CVSS6AI score0.00206EPSS

Exploits1References9

CNVD•added 2022/05/07 12:0 a.m.•18 views

Cyclos 4 PRO Cross-Site Scripting Vulnerability

Cyclos 4 PRO is a web server. A cross-site scripting vulnerability exists in Cyclos 4 PRO version 4.14.7 and earlier, which can be exploited by remote attackers to inject arbitrary web scripts or HTML via the groupId parameter...

4.3CVSS3.2AI score0.02705EPSS

Exploits4Affected Software1

Prion•added 2022/05/04 2:15 p.m.•14 views

Cross site scripting

A reflected cross-site scripting XSS vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts...

4.3CVSS6AI score0.0024EPSS

Exploits0References1Affected Software1

CVE•added 2022/05/04 1:11 p.m.•70 views

CVE-2022-28081

The CVE-2022-28081 entry concerns a reflected XSS vulnerability in the arPHP software, specifically in the Query.php component of arPHP v3.6.0 . According to connected sources, the issue arises from improper handling of user-supplied data (lack of data validation and unsafe output in Query.php), ...

6.1CVSS5.9AI score0.0024EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/05/04 1:11 p.m.•13 views

CVE-2022-28081

A reflected cross-site scripting XSS vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts...

6.1AI score0.0024EPSS

Exploits0References1

CNNVD•added 2022/05/04 12:0 a.m.•1 views

Web@rchiv 代码问题漏洞

Web@rchiv is a software application. A security vulnerability exists in Web@rchiv version 1.0, which stems from an arbitrary file upload vulnerability. An attacker can exploit this vulnerability to execute arbitrary commands via specially crafted PHP files...

9.8CVSS8.7AI score0.00565EPSS

Exploits1References4

NVD•added 2022/05/03 8:15 p.m.•13 views

CVE-2022-27330

A cross-site scripting XSS vulnerability in /public/admin/index.php?addproduct of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field...

5.4CVSS0.00206EPSS

Exploits1References1

Prion•added 2022/05/03 8:15 p.m.•21 views

Cross site scripting

3.5CVSS5.3AI score0.00206EPSS

Exploits1References1Affected Software1

Cvelist•added 2022/05/03 8:1 p.m.•21 views

CVE-2022-27330

5.5AI score0.00206EPSS

Exploits1References1

OSV•added 2022/05/03 2:15 p.m.•12 views

CVE-2022-28589

A stored cross-site scripting XSS vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=addnew...

4.8CVSS5.6AI score

Exploits0References1

Cvelist•added 2022/05/03 1:59 p.m.•11 views

CVE-2022-28589

A stored cross-site scripting XSS vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=addnew...

5.2AI score0.00235EPSS

Exploits1References1

NVD•added 2022/05/02 11:15 p.m.•9 views

CVE-2020-23618

A reflected cross site scripting XSS vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page...

6.1CVSS0.0024EPSS

Exploits0References2

NVD•added 2022/05/02 11:15 p.m.•16 views

CVE-2020-23617

A cross site scripting XSS vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element...

6.1CVSS0.00207EPSS

Exploits0References2

Prion•added 2022/05/02 11:15 p.m.•14 views

Cross site scripting

A reflected cross site scripting XSS vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page...

4.3CVSS6.1AI score0.0024EPSS

Exploits0References2Affected Software1

Prion•added 2022/05/02 11:15 p.m.•12 views

Cross site scripting

A cross site scripting XSS vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element...

4.3CVSS6.1AI score0.00207EPSS

Exploits0References2Affected Software2

Cvelist•added 2022/05/02 10:40 p.m.•17 views

CVE-2020-23617

A cross site scripting XSS vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element...

6.1AI score0.00207EPSS

Exploits0References2

OSV•added 2022/05/01 7:13 a.m.•1 views

GHSA-GJ9C-69CM-7C37 Alkacon OpenCms XSS via unsanitized message body

Cross-site scripting XSS vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body...

5.3CVSS5.6AI score0.00549EPSS

Exploits1References7

OSV•added 2022/04/25 1:15 p.m.•12 views

CVE-2022-27428

A stored cross-site scripting XSS vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the albumname parameter...

5.4CVSS5.5AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by