Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (46243 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2012-0936 1 Opennms.org 1 Opennms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via the Username field, related to login.
CVE-2012-6574 2 Drupal, Soprano 2 Drupal, Fonecta Verify 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Fonecta verify module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5664 1 Paloaltonetworks 1 Pan-os 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via crafted data, aka Ref ID 50908.
CVE-2012-0746 1 Ibm 6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5670 1 S9y 1 Serendipity 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the to_r_list parameter.
CVE-2012-0715 1 Ibm 2 Ilog Jviews Gantt, Tivoli Change And Configuration Management Database 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-0707 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via crafted text input to a coach that is configured with a document attachment control section.
CVE-2012-0696 1 Ibm 2 Cognos Executive Viewer, Cognos Tm1 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified requests to (1) aspnet_client or (2) evserver/createcontrol.js.
CVE-2013-3421 1 Cisco 1 Secure Access Control System 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Help index page in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75170.
CVE-2013-3413 1 Cisco 1 Identity Services Engine Software 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh87036.
CVE-2012-0688 1 Tibco 5 Activematrix Bpm, Activematrix Businessworks Service Engine, Activematrix Service Bus and 2 more 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-2244 1 Moodle 1 Moodle 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionlib.php in Moodle 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the conditional access rule value of a user field.
CVE-2012-6369 1 1password 1 1password 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header that is not properly handled in a View Troubleshooting Report action.
CVE-2012-6360 1 Ibm 1 Intelligent Operations Center 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM Intelligent Operations Center 1.5.0 allows remote attackers to inject arbitrary web script or HTML via event data fields.
CVE-2012-0589 1 Apple 1 Iphone Os 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588.
CVE-2013-6019 1 Tylertech 1 Taxweb 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to inject arbitrary web script or HTML via the accountNum parameter to an unspecified component.
CVE-2013-3396 1 Cisco 1 Content Security Management Appliance 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Content Security Management on Security Management Appliance (SMA) devices allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh24749.
CVE-2012-6312 2 Video-lead-form, Wordpress 2 Uk-cookie, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.
CVE-2013-2201 1 Wordpress 1 Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editing of media files, (3) installation of plugins, (4) updates to plugins, (5) installation of themes, or (6) updates to themes.
CVE-2012-6149 1 Redhat 4 Network Satellite, Satellite, Satellite 5 Managed Db and 1 more 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call.