33 matches found
EUVD-2020-15596
Malware in sbrugna...
Cross-site Scripting (XSS)
rails-html-sanitizer is vulnerable to cross-site scripting XSS attacks. Attackers can use non-whitelisted attributes within sanitized output to inject and execute arbitrary webscript...
Cross-site Scripting (XSS)
spring-batch-admin-manager is vulnerable to stored cross-site scripting XSS attacks. Attackers can inject arbitrary webscript or HTML using the file upload feature...
Cross-site Scripting (XSS)
dijit is vulnerable to cross-site scripting XSS attacks. Attackers can execute arbitrary webscript through the onload attributes of SVG elements...
Cross-site Scripting (XSS)
Kibana is vulnerable to cross-site scripting XSS attacks. This is because the visualization title is enabled in the render function of visualizeembeddablefactory.js, which allows an attacker to inject and execute arbitrary webscript...
Cross-site Scripting (XSS)
Kibana is vulnerable to cross-site scripting XSS attacks. Attackers can use the labs visualizations in Kibana to insert and execute arbitrary webscript...
Cross-site Scripting (XSS)
MapProxy is vulnerable to cross-site scripting XSS attacks. Attackers can use the format and srs parameters in the demo page to inject and execute arbitrary webscript...
Cross-site Scripting (XSS)
symphonycms/symphony-2 is vulnerable to cross-site scripting XSS attacks. The application does not properly sanitize multiple parameters in the symphony/content/content.publish.php file. This allows an authenticated malicious user to inject and execute arbitrary webscript...
Cross-site Scripting (XSS)
github.com/koding/koding is vulnerable to cross-site scripting XSS attacks. The library does not properly encode content in client/Main/CommonViews/suggestedtokenview.coffee, allowing a malicious user to inject and execute arbitrary webscript...
Cross-site Scripting (XSS)
dweeves/magmi is vulnerable to cross-site scripting XSS attacks. The library does not sanitize the profile variable before rendering the profile panel, allowing a malicious user to inject and execute arbitrary webscript...
Cross-site Scripting (XSS)
keystone is vulnerable to cross-site scripting XSS attacks. Authenticated administrators can leverage the lack of sanitization in the content brief and content extended fields to inject and execute arbitrary webscript...
Cross-site Scripting (XSS)
keystone is vulnerable to cross-site scripting XSS attacks. These attacks are possible through the fields/types/markdown/MarkdownType.js file because the markdown is not sanitized. This allows attackers to inject and execute arbitrary webscript...
Cross-site Scripting (XSS)
typo3/cms is vulnerable to cross-site scripting XSS attacks. The application contains a .swf file that fails to sanitize user input, allowing a malicious user to inject and execute arbitrary webscript...
Cross-site Scripting (XSS)
WordPress is vulnerable to cross-site scripting XSS attacks. The library does not properly handle HTML elements in the oEmbed sandbox before rendering, allowing a malicious user to inject and execute arbitrary webscript...
Cross-site Scripting (XSS)
kallithea is vulnerable to cross-site scripting XSS attacks. It does not properly sanitize multiple strings, allowing a malicious user to inject and execute arbitrary webscript...
Cross-site Scripting (XSS)
drupal/core is susceptible to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary webscript through the title field when a node is created through the quick edit module...
Cross-site Scripting (XSS)
automattic/jetpack is vulnerable to cross-site scripting XSS attacks. The library does not parse LaTeX markup correctly, allowing a malicious user to inject and execute arbitrary webscript...
Cross-site Scripting (XSS)
WordPress is vulnerable to cross-site scripting XSS attacks. The application uses offsite redirects, which allows attackers to inject and execute arbitrary webscript...
Cross-site Scripting (XSS)
WordPress is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary webscript through the name or version header of a plugin...
Cross-site Scripting (XSS)
Moodle is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary webscript through additionalhtmlhead, additionalhtmltopofbody, or additionalhtmlfooter...