CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5207 matches found

WPVulnDB•added 2021/09/09 12:0 a.m.•20 views

GNU-Mailman Integration <= 1.0.6 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the gmerror parameter found in the /includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS5.2AI score0.0021EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2021/09/09 12:0 a.m.•13 views

Border Loading Bar <= 1.0.1 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the f and t parameter found in the /titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.8AI score0.0021EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2021/09/09 12:0 a.m.•20 views

SMS OVH <= 0.1 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the /sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.7AI score0.0021EPSS

Exploits0References1Affected Software1

CNNVD•added 2021/09/09 12:0 a.m.•3 views

JEESNS 跨站脚本漏洞

JEESNS is a social management system developed on the JAVA enterprise platform. An attacker can use this vulnerability to execute arbitrary Web scripts or HTML...

6.1CVSS6AI score0.01992EPSS

Exploits1References3

WPVulnDB•added 2021/09/09 12:0 a.m.•18 views

On Page SEO + Whatsapp Chat Button < 1.0.2 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /settings.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS3.9AI score0.0021EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2021/09/09 12:0 a.m.•24 views

Feedify Web Push Notifications <= 2.1.8 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the eedifymsg parameter found in the /includes/base.php which allows attackers to inject arbitrary web scripts...

4.3CVSS4.7AI score0.0021EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2021/09/08 12:0 a.m.•21 views

Twitter Friends Widget <= 3.1 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the pmcTFuser and pmcTFpassword parameter found in the /twitter-friends-widget.php file which allows attackers to inject arbitrary web scripts...

4.3CVSS4.7AI score0.0021EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2021/09/08 12:0 a.m.•20 views

Konnichiwa! Membership <= 0.8.3 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the planid parameter in the /views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.7AI score0.0021EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2021/09/08 12:0 a.m.•21 views

RentPress <= 6.6.4 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the selections parameter found in the /src/rentPress/AjaxRequests.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.3AI score0.0021EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2021/09/08 12:0 a.m.•19 views

simpleSAMLphp Authentication <= 0.7.0 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.1AI score0.00258EPSS

Exploits1References1Affected Software1

Prion•added 2021/08/30 7:15 p.m.•14 views

Cross site scripting

The WordPress Real Media Library WordPress plugin is vulnerable to Stored Cross-Site Scripting via the name parameter in the /inc/overrides/lite/rest/Folder.php file which allows author-level attackers to inject arbitrary web scripts in folder names, in versions up to and including 4.14.1...

3.5CVSS5.2AI score0.00171EPSS

Exploits0References1Affected Software1

NVD•added 2021/08/30 6:15 p.m.•5 views

CVE-2020-18126

Multiple stored cross-site scripting XSS vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML...

5.4CVSS0.00172EPSS

Exploits1References1

Prion•added 2021/08/30 6:15 p.m.•7 views

Cross site scripting

Multiple stored cross-site scripting XSS vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML...

3.5CVSS5.5AI score0.00172EPSS

Exploits1References1Affected Software1

Cvelist•added 2021/08/30 4:4 p.m.•11 views

CVE-2020-18125

A reflected cross-site scripting XSS vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML...

6AI score0.00201EPSS

Exploits1References1

Cvelist•added 2021/08/30 4:4 p.m.•11 views

CVE-2020-18126

Multiple stored cross-site scripting XSS vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML...

5.5AI score0.00172EPSS

Exploits1References1

NVD•added 2021/08/26 3:15 a.m.•10 views

CVE-2020-19704

A stored cross-site scripting XSS vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML...

5.4CVSS0.00172EPSS

Exploits1References1

OSV•added 2021/08/26 3:15 a.m.•15 views

CVE-2020-19703

A cross-site scripting XSS vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS5.7AI score0.00201EPSS

Exploits1References1

NVD•added 2021/08/26 3:15 a.m.•11 views

CVE-2020-19703

A cross-site scripting XSS vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS0.00201EPSS

Exploits1References1

Prion•added 2021/08/26 3:15 a.m.•17 views

Cross site scripting

A cross-site scripting XSS vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.3CVSS5.9AI score0.00201EPSS

Exploits1References1Affected Software1

Cvelist•added 2021/08/26 2:22 a.m.•12 views

CVE-2020-19704

A stored cross-site scripting XSS vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML...

5.4AI score0.00172EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by