CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7602 matches found

RedhatCVE•added 2025/05/23 12:13 a.m.•8 views

CVE-2022-27441

A stored cross-site scripting XSS vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box...

4.8CVSS5.6AI score0.00219EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 12:6 a.m.•3 views

CVE-2022-25464

A stored cross-site scripting XSS vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.8CVSS5.6AI score0.00219EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 12:2 a.m.•6 views

CVE-2022-43079

A cross-site scripting XSS vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter...

6.1CVSS5.8AI score0.00356EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 11:59 p.m.•5 views

CVE-2022-43660

Improper neutralization of Server-Side Includes SSW within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable...

7.2CVSS7AI score0.00832EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:54 p.m.•6 views

CVE-2022-23391

A cross-site scripting XSS vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Search box...

6.1CVSS5.7AI score0.00223EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 11:49 p.m.•3 views

CVE-2022-43119

A cross-site scripting XSS vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter...

6.1CVSS5.8AI score0.00392EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 11:39 p.m.•3 views

CVE-2022-21158

A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link with javascript: scheme inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext...

5.4CVSS6.3AI score0.00195EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:5 p.m.•5 views

CVE-2022-34560

A cross-site scripting XSS vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter...

7.1CVSS5.8AI score0.00137EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:5 p.m.•6 views

CVE-2022-34561

A cross-site scripting XSS vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter...

4.3CVSS5.8AI score0.00106EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:3 p.m.•5 views

CVE-2022-34140

A stored cross-site scripting XSS vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field...

5.4CVSS5.4AI score0.00314EPSS

Exploits7References1

RedhatCVE•added 2025/05/22 11:0 p.m.•4 views

CVE-2022-33151

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors...

6.1CVSS6.7AI score0.00189EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:56 p.m.•6 views

CVE-2022-32074

A stored cross-site scripting XSS vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file...

5.4CVSS5.5AI score0.00975EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:52 p.m.•4 views

CVE-2022-31455

A cross-site scripting XSS vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box...

6.1CVSS5.8AI score0.00096EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:45 p.m.•9 views

CVE-2022-45223

Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in /Admin/add-student.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter...

4.8CVSS6.1AI score0.00369EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:45 p.m.•6 views

CVE-2022-45217

A cross-site scripting XSS vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module...

5.4CVSS5.8AI score0.00313EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 10:41 p.m.•3 views

CVE-2022-44959

webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

5.4CVSS6.1AI score0.00209EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 10:41 p.m.•4 views

CVE-2022-28715

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors...

6.1CVSS6.6AI score0.00189EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:41 p.m.•4 views

CVE-2022-44955

webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field...

5.4CVSS6.1AI score0.00209EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 10:24 p.m.•3 views

CVE-2022-21799

Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network to inject an arbitrary script via unspecified vectors...

5.2CVSS6.6AI score0.00151EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:14 p.m.•6 views

CVE-2022-20833

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...

4.8CVSS5.9AI score0.00168EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by