Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (45837 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2015-0862 1 Pivotal Software 1 Rabbitmq Management 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the management web UI in the RabbitMQ management plugin before 3.4.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) message details when a message is unqueued, such as headers or arguments; (2) policy names, which are not properly handled when viewing policies; (3) details for AMQP network clients, such as the version; allow remote authenticated administrators to inject arbitrary web script or HTML via (4) user names, (5) the cluster name; or allow RabbitMQ cluster administrators to (6) modify unspecified content.
CVE-2015-6402 1 Cisco 1 Epc3928 Docsis 3.0 8x4 Wireless Residential Gateway With Embedded Digital Voice Adapter 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCux24935.
CVE-2015-6400 1 Cisco 1 Emergency Responder 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547.
CVE-2015-0774 1 Cisco 1 Application And Content Networking System Software 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Cisco Application and Content Networking System (ACNS) 5.5(9) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu70650.
CVE-2015-0766 1 Cisco 1 Firesight System Software 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196.
CVE-2015-0714 1 Cisco 1 Finesse 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.
CVE-2014-3885 1 Webmin 1 Webmin 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.
CVE-2015-0707 1 Cisco 1 Firesight System Software 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCus85425.
CVE-2015-0696 1 Cisco 1 Telepresence Tc Software 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq94977.
CVE-2016-7882 1 Adobe 1 Experience Manager 2025-04-12 N/A
Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks.
CVE-2016-6634 1 Wordpress 1 Wordpress 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-6238 1 Sumome 1 Google Analyticator 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Google Analyticator plugin before 6.4.9.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) ga_adsense, (2) ga_admin_disable_DimentionIndex, (3) ga_downloads_prefix, (4) ga_downloads, or (5) ga_outbound_prefix parameter in the google-analyticator page to wp-admin/admin.php.
CVE-2014-1820 1 Microsoft 1 Sql Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "SQL Master Data Services XSS Vulnerability."
CVE-2015-5714 1 Wordpress 1 Wordpress 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.
CVE-2015-6099 1 Microsoft 1 .net Framework 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."
CVE-2015-0284 1 Redhat 3 Network Satellite, Satellite, Spacewalk-java 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.
CVE-2015-2949 1 Zenphoto 1 Zenphoto 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4189 1 Hitachi 2 Jp1\/performance Management-manager Web Option, Tuning Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4187 1 Clip-bucket 1 Clipbucket 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket allows remote attackers to inject arbitrary web script or HTML via the Username field.
CVE-2014-6079 1 Ibm 5 Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance, Security Access Manager For Web 7.0 Firmware and 2 more 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.