CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

41 matches found

NVD•added 2026/05/13 1:16 p.m.•5 views

CVE-2026-42948

Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser...

4.8CVSS0.00031EPSS

Exploits0References2

Vulnrichment•added 2026/05/13 12:2 p.m.•5 views

CVE-2026-42948

4.8CVSS5.7AI score0.00031EPSS

Exploits0References2

Exploit DB•added 2026/04/29 12:0 a.m.•57 views

FacturaScripts 2025.43 - XSS

Exploit Title: FacturaScripts 2025.43 - XSS Date: 30-12-2025 Exploit Author: VETTRIVEL U Author Profile: https://www.linkedin.com/in/vettrivel2006 Vendor Homepage: https://facturascripts.com/ Software Link: https://github.com/NeoRazorX/facturascripts Affected Versions: = 2025.4, = 2025.11, =...

5.4CVSS5.2AI score0.00019EPSS

Exploits2

EUVD•added 2026/03/30 12:31 a.m.•3 views

EUVD-2026-17046

A non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be executed on the administrator's browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life EOL, are affected by the vulnerability as well...

8.8CVSS6.6AI score0.0002EPSS

Exploits0References7

ATTACKERKB•added 2026/02/19 12:2 p.m.•2 views

CVE-2019-25425

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUSADMIN parameter. Attackers can send POST requests to the smtpconfig endpoint with script payloads to execute arbitrary...

6.1CVSS5.6AI score0.00022EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/02/19 12:2 p.m.•20 views

CVE-2019-25411 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via DHCP

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAYGREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with script payloads to execute arbitrary JavaScript...

6.1CVSS0.00022EPSS

Exploits1References4

Vulnrichment•added 2026/02/18 8:59 p.m.•2 views

CVE-2019-25398 IPFire 2.21 Core Update 127 Cross-Site Scripting via ovpnmain.cgi

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloads in parameters like VPNIP, DMTU, ccdname,...

6.1CVSS5.6AI score0.00084EPSS

Exploits1References4

RedhatCVE•added 2026/02/05 7:26 a.m.•2 views

CVE-2026-23704

6.5CVSS6.6AI score0.0002EPSS

Exploits0References1

EUVD•added 2026/02/04 7:3 a.m.•4 views

EUVD-2026-5489

6.5CVSS5.5AI score0.0002EPSS

Exploits0References3

ATTACKERKB•added 2026/02/04 7:3 a.m.•6 views

CVE-2026-23704

6.5CVSS6.7AI score0.0002EPSS

Exploits0References4Affected Software2

Positive Technologies•added 2026/02/04 12:0 a.m.•2 views

PT-2026-6182

Name of the Vulnerable Software and Affected Versions Movable Type versions 7.x and 8.4.x Description A non-administrative user can upload malicious files. When an administrator or the product accesses these files, an arbitrary script may be executed on the administrator's browser. Recommendation...

6.5CVSS5.6AI score0.0002EPSS

Exploits0References5

CVE•added 2026/02/03 6:10 p.m.•8 views

CVE-2026-25522

Craft Commerce (for Craft CMS) has a stored XSS in the Shipping Zone (Name & Description) fields, affecting versions 4.0.0-RC1–4.10.0 and 5.0.0–5.5.1. The root cause is improper sanitization when rendering these fields in the admin panel, enabling attacker-controlled JavaScript execution in an ad...

6.1CVSS5.4AI score0.00034EPSS

Exploits1References4Affected Software1

Snyk•added 2026/01/27 7:47 p.m.•1 views

Cross-site Scripting (XSS)

Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the customer registration input fields. An attacker can execute arbitrary scripts in the context of an administrator's browser by injecting malicious...

6.4CVSS6AI score0.00019EPSS

Exploits0References2

NVD•added 2026/01/20 9:16 p.m.•4 views

CVE-2026-21642

HackerOne community member Patrick Lang 7yr has reported a reflected XSS vulnerability in the banner-acl.php and channel-acl.php scripts of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is...

6.1CVSS0.0005EPSS

Exploits0References1

ATTACKERKB•added 2026/01/09 4:19 p.m.•2 views

CVE-2026-22198

GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting XSS vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value for example, to /api/v1/ticket.php, an unauthenticated attacker can cause...

6.1CVSS5.6AI score0.00053EPSS

Exploits0References3

CNNVD•added 2026/01/05 12:0 a.m.•2 views

Coolify 安全漏洞

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.420.6 and prior versions, which stems from the presence of stored cross-site scripting in the project creation process that could lead to t...

9.4CVSS6.5AI score0.00047EPSS

Exploits1References2

CNVD•added 2025/12/25 12:0 a.m.•1 views

Kentico Xperience Cross-Site Scripting Vulnerability (CNVD-2026-05120)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious script in an administrator user's browser...

6.1CVSS5.9AI score0.00024EPSS

Exploits0References1

Snyk•added 2025/07/31 6:32 p.m.•2 views

Cross-site Scripting (XSS)

Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting XSS. , An attacker can execute arbitrary JavaScript code in the context of an administrator's browser by injecting malicious scripts into user profil...

7.6CVSS5.6AI score0.0052EPSS

Exploits1References2

RedhatCVE•added 2025/05/22 4:26 a.m.•3 views

CVE-2019-13080

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via an SVG image and HTML file that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser...

5.4CVSS6.3AI score0.00338EPSS

Exploits0References1

Veracode•added 2025/04/10 4:36 a.m.•5 views

Cross-Site Scripting (XSS)

publifycore is vulnerable to cross-site scripting XSS. The vulnerability is due to improper input sanitization in the redirect functionality, allowing a publisher to execute scripts in an administrator's browser...

5.4CVSS6.2AI score0.00181EPSS

Exploits1References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by