CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3237 matches found

RedhatCVE•added 2025/03/15 4:38 a.m.•10 views

CVE-2025-25929

A reflected cross-site scripting XSS vulnerability in the component /legacyui/quickReportServlet of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the reportType parameter...

5.4CVSS5.8AI score0.00109EPSS

Exploits1References1

NVD•added 2025/03/12 3:15 p.m.•9 views

CVE-2025-27915

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0 and 10.1. A stored cross-site scripting XSS vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its...

5.4CVSS0.26053EPSS

Exploits1References6

Cvelist•added 2025/03/12 12:0 a.m.•7 views

CVE-2025-27914

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting XSS vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token...

0.00046EPSS

Exploits0References2

CVE•added 2025/03/12 12:0 a.m.•52 views

CVE-2025-27914

CVE-2025-27914 affects Zimbra Collaboration (ZCS) 9.0, 10.0, and 10.1. It is a Reflected Cross-Site Scripting (XSS) vulnerability in the /h/rest endpoint that allows an authenticated attacker with a valid auth token to craft a URL which, when visited by a victim, can inject and execute arbitrary ...

5.4CVSS5.2AI score0.00046EPSS

Exploits0References2Affected Software1

NVD•added 2025/03/11 8:15 p.m.•7 views

CVE-2025-25929

5.4CVSS0.00109EPSS

Exploits1References1

CNNVD•added 2025/03/11 12:0 a.m.•1 views

OpenMRS 安全漏洞

OpenMRS is an open source electronic medical record system from OpenMRS, Inc. in the United States. A security vulnerability exists in OpenMRS version 2.4.3, which stems from a reflective cross-site scripting issue that could lead to arbitrary JavaScript execution...

5.4CVSS6.2AI score0.00109EPSS

Exploits1References2

Vulnrichment•added 2025/03/11 12:0 a.m.•6 views

CVE-2025-25929

6AI score0.00109EPSS

Exploits1References1

CVE•added 2025/03/11 12:0 a.m.•60 views

CVE-2025-25929

CVE-2025-25929 describes a reflected cross-site scripting (XSS) vulnerability in OpenMRS 2.4.3 Build 0ff0ed, affecting the component /legacyui/quickReportServlet. The issue allows an attacker to inject arbitrary JavaScript that executes in the context of a user’s browser via a crafted payload in ...

5.4CVSS5.7AI score0.00109EPSS

Exploits1References1Affected Software1

CNVD•added 2025/03/07 12:0 a.m.•7 views

Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05075)

Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...

4.8CVSS6.5AI score0.0019EPSS

Exploits0References1

CNVD•added 2025/03/07 12:0 a.m.•9 views

Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05055)

4.8CVSS6.5AI score0.00108EPSS

Exploits0References1

RedhatCVE•added 2025/03/05 10:27 p.m.•17 views

CVE-2024-5888

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

4.8CVSS5.2AI score0.00108EPSS

Exploits0References3

RedhatCVE•added 2025/03/05 10:24 p.m.•11 views

CVE-2024-51944

4.8CVSS5.2AI score0.00108EPSS

Exploits0References3

RedhatCVE•added 2025/03/05 10:15 p.m.•13 views

CVE-2024-51959

4.8CVSS5.2AI score0.00108EPSS

Exploits0References3

RedhatCVE•added 2025/03/05 10:8 p.m.•9 views

CVE-2024-51950