CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7604 matches found

RedhatCVE•added 2025/05/22 6:14 p.m.•9 views

CVE-2021-20727

Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr...

6.1CVSS6.8AI score0.00301EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 6:10 p.m.•6 views

CVE-2021-40925

Cross-site scripting XSS vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $SERVER"PHPSELF" parameter...

6.1CVSS5.9AI score0.00283EPSS

Exploits1

RedhatCVE•added 2025/05/22 5:48 p.m.•4 views

CVE-2020-3420

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of...

5.4CVSS6AI score0.00128EPSS

Exploits0

RedhatCVE•added 2025/05/22 5:48 p.m.•3 views

CVE-2020-3532

A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to...

6.1CVSS6AI score0.00168EPSS

Exploits0

RedhatCVE•added 2025/05/22 5:45 p.m.•6 views

CVE-2020-23214

A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module...

5.4CVSS5.5AI score0.00261EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:43 p.m.•6 views

CVE-2020-5613

Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to execute an arbitrary script via a specially crafted URL...

6.1CVSS6.9AI score0.00347EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:36 p.m.•3 views

CVE-2020-28955

SugarCRM v6.5.18 was discovered to contain a cross-site scripting XSS vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields...

5.4CVSS6AI score0.00206EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:36 p.m.•4 views

CVE-2020-28956

Multiple cross-site scripting XSS vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields...

5.4CVSS6.1AI score0.00206EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:29 p.m.•11 views

CVE-2020-20781

A stored cross-site scripting XSS vulnerability in /ucms/index.php?do=listedit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields...

5.4CVSS5.5AI score0.00261EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:29 p.m.•3 views

CVE-2020-20691

An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files...

6.5CVSS7.2AI score0.0023EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:28 p.m.•5 views

CVE-2020-19292

A stored cross-site scripting XSS vulnerability in the /question/ask component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted question...

5.4CVSS5.5AI score0.00191EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:28 p.m.•2 views

CVE-2020-19293

A stored cross-site scripting XSS vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article...

5.4CVSS5.5AI score0.00191EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:7 p.m.•7 views

CVE-2020-21353

A stored cross site scripting XSS vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via crafted payload in the Edit Snippets module...

5.4CVSS5.6AI score0.00281EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:49 p.m.•6 views

CVE-2020-18259

ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting XSS vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields...

6.1CVSS6.1AI score0.00223EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:46 p.m.•6 views

CVE-2020-23207

A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module...

5.4CVSS5.5AI score0.00261EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:46 p.m.•6 views

CVE-2020-20696

A cross-site scripting XSS vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field...

5.4CVSS5.7AI score0.00261EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:39 p.m.•4 views

CVE-2020-5625

Cross-site scripting vulnerability in XooNIps 3.48 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors...

6.1CVSS6.7AI score0.00435EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 3:39 p.m.•6 views

CVE-2020-5586

Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors...

4.8CVSS6.5AI score0.00352EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 3:26 p.m.•5 views

CVE-2020-24692

The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session...

7.1CVSS7.7AI score0.00143EPSS

Exploits0

RedhatCVE•added 2025/05/22 3:23 p.m.•3 views

CVE-2020-26641

A Cross Site Request Forgery CSRF vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts...

8.8CVSS7.7AI score0.00145EPSS

Exploits1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by