CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5207 matches found

NVD•added 2021/12/22 11:15 p.m.•9 views

CVE-2020-20597

A cross-site scripting XSS vulnerability in the potrtalItemName parameter in \web\PortalController.java of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML...

6.1CVSS0.0033EPSS

Exploits1References1

OSV•added 2021/12/22 11:15 p.m.•7 views

CVE-2020-20598

A cross-site scripting XSS vulnerability in the Editing component of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML...

6.1CVSS6AI score

Exploits0References1

NVD•added 2021/12/22 11:15 p.m.•14 views

CVE-2020-20598

A cross-site scripting XSS vulnerability in the Editing component of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML...

6.1CVSS0.0033EPSS

Exploits1References1

OSV•added 2021/12/22 11:15 p.m.•10 views

CVE-2020-20597

A cross-site scripting XSS vulnerability in the potrtalItemName parameter in \web\PortalController.java of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML...

6.1CVSS6AI score

Exploits0References1

Prion•added 2021/12/22 11:15 p.m.•13 views

Cross site scripting

A cross-site scripting XSS vulnerability in the potrtalItemName parameter in \web\PortalController.java of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML...

4.3CVSS6AI score0.0033EPSS

Exploits1References1Affected Software1

Prion•added 2021/12/22 11:15 p.m.•15 views

Cross site scripting

A cross-site scripting XSS vulnerability in the Editing component of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML...

4.3CVSS6AI score0.0033EPSS

Exploits1References1Affected Software1

Cvelist•added 2021/12/22 10:40 p.m.•11 views

CVE-2020-20598

A cross-site scripting XSS vulnerability in the Editing component of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML...

6AI score0.0033EPSS

Exploits1References1

Cvelist•added 2021/12/22 10:40 p.m.•12 views

CVE-2020-20597

A cross-site scripting XSS vulnerability in the potrtalItemName parameter in \web\PortalController.java of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML...

6AI score0.0033EPSS

Exploits1References1

CVE•added 2021/12/22 10:40 p.m.•44 views

CVE-2020-20597

The CVE-2020-20597 entry concerns a cross-site scripting (XSS) vulnerability in Lemon OA version 1.10.0, affecting the potrtalItemName parameter in webPortalController.java. Public descriptions across NVD/Red Hat CNVD/etc confirm the root cause is unescaped user input in that parameter, enabling ...

6.1CVSS6AI score0.0033EPSS

Exploits1References1Affected Software1

CNVD•added 2021/12/19 12:0 a.m.•14 views

WordPress duoFAQ - Responsive, Flat, Simple FAQ plugin cross-site scripting vulnerability

duoFAQ - Responsive, Flat, Simple FAQ plugin is a WordPress open source application plugin. duoFAQ - Responsive, Flat, Simple FAQ plugin for WordPress suffers from a cross-site scripting vulnerability. The vulnerability stems from a lack of data validation filtering of user-supplied data and...

6.1CVSS1.9AI score0.0021EPSS

Exploits0References1

CNVD•added 2021/12/19 12:0 a.m.•16 views

WordPress WooCommerce Plugin Cross-Site Scripting Vulnerability (CNVD-2021-101686)

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. cross-site scripting vulnerability exists in the...

6.4CVSS2AI score0.00324EPSS

Exploits0References1

CNVD•added 2021/12/17 12:0 a.m.•18 views

Zimbra Cross-Site Scripting Vulnerability

Zimbra is an open source email collaboration platform from Zimbra, Inc. Zimbra Collaboration 8.8.12 is vulnerable to cross-site scripting, which can be exploited by attackers to execute arbitrary web scripts or HTML via host header injection...

6.1CVSS3.1AI score0.01256EPSS

Exploits0References1

WPVulnDB•added 2021/12/16 12:0 a.m.•26 views

Crisp Live Chat < 0.32 - CSRF to Stored Cross-Site Scripting

The plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the crisppluginsettingspage function found in the /crisp.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 0.31...

8.8CVSS3.8AI score0.00092EPSS

Exploits0References1Affected Software1

NVD•added 2021/12/15 11:15 p.m.•12 views

CVE-2020-18984

A reflected cross-site scripting XSS vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection...

6.1CVSS0.01256EPSS

Exploits0References1

Prion•added 2021/12/15 11:15 p.m.•16 views

Cross site scripting

4.3CVSS6.2AI score0.01256EPSS

Exploits0References1Affected Software1

Cvelist•added 2021/12/15 10:17 p.m.•15 views

CVE-2020-18984

6.2AI score0.01256EPSS

Exploits0References1

NVD•added 2021/12/14 4:15 p.m.•14 views

CVE-2021-39314

The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the /includes/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...

6.1CVSS0.0021EPSS

Exploits0References2

NVD•added 2021/12/14 4:15 p.m.•8 views

CVE-2021-39309

The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via and parameter due to a vardump on $POST variables found in the /vendor/dpsoft/parsian-payment/sample/rollback-payment.php file which allows attackers to inject arbitrary web scripts, in...

6.1CVSS0.0021EPSS

Exploits0References2

NVD•added 2021/12/14 4:15 p.m.•8 views

CVE-2021-39313

The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the /simple-image-gallery.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6...

6.1CVSS0.0021EPSS

Exploits0References2

Prion•added 2021/12/14 4:15 p.m.•15 views

Cross site scripting

The link-list-manager WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category parameter found in the /llm.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...

4.3CVSS6.1AI score0.0021EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by