CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6892 matches found

AppServ Open Project <=2.5.10 - Cross-Site Scripting

AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter. id: CVE-2008-2398 info: name: AppServ Open Project =2.5.11 or apply the necessary security patches...

4.3CVSS5.1AI score0.06232EPSS

Exploits1References3

Nuclei•added yesterday•27 views

Cofax <=2.0RC3 - Cross-Site Scripting

Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. id: CVE-2005-4385 info: name: Cofax =2.0RC3 - Cross-Site Scripting author: geeknik severity: medium descriptio...

4.3CVSS5.1AI score0.08011EPSS

Exploits0References4

Nuclei•added yesterday•155 views

SPIP <3.1.2 - Cross-Site Scripting

SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in validerxml.php which allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action. id: CVE-2016-7981 info: name: SPIP 3.1.2 - Cross-Site Scripting author: pikpikcu severity:...

6.1CVSS6.6AI score0.08216EPSS

Exploits2References5

Nuclei•added yesterday•23 views

WordPress Integrator 1.32 - Cross-Site Scripting

A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirectto parameter to wp-login.php. id: CVE-2012-5913 info: name: WordPress Integrator 1.32 - Cross-Site Scripti...

4.3CVSS5.2AI score0.08732EPSS

Exploits1References5

Packet Storm News•added 2026/02/02 12:0 a.m.•5 views

miniBB 3.1 Cross Site Scripting

A cross site scripting vulnerability exists in miniBB Forum version 3.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score

Exploits0

RedhatCVE•added 2026/01/09 12:39 p.m.•7 views

CVE-2023-29636

Cross site scripting XSS vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString...

5.4CVSS5.7AI score0.00414EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:38 p.m.•4 views

CVE-2023-50566

A stored cross-site scripting XSS vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter...

5.4CVSS5.6AI score0.00375EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:35 p.m.•4 views

CVE-2023-45957

A stored cross-site scripting XSS vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e-getMessage error mishandling...

5.4CVSS5.6AI score0.00375EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:51 a.m.•4 views

CVE-2009-4387

The cross-site scripting XSS protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro PMP before 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote attackers to inject arbitrary web script or HTML via the searchtext parameter and oth...

4.3CVSS5.9AI score0.01328EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:50 a.m.•6 views

CVE-2009-4780

Multiple cross-site scripting XSS vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via 1 the lang parameter in a sitemap action, 2 the search parameter in a search action, 3 the taggingid parameter in a search action, 4 the...

4.3CVSS5.8AI score0.01178EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:50 a.m.•6 views

CVE-2009-4069

Multiple cross-site scripting XSS vulnerabilities in GForge 4.5.14, 4.7.3, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.01679EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:43 a.m.•10 views

CVE-2010-0979

Cross-site scripting XSS vulnerability in display.php in Obsession-Design Image-Gallery ODIG 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter...

4.3CVSS5.9AI score0.01075EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:2 a.m.•5 views

CVE-2007-4741

Cross-site scripting XSS vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

3.5CVSS5.4AI score0.00688EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:11 a.m.•5 views

CVE-2019-11564

A cross-site scripting XSS vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request...

6.1CVSS5.5AI score0.02627EPSS

Exploits5References1

RedhatCVE•added 2026/01/09 9:52 a.m.•4 views

CVE-2020-10453

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/search-users.php by adding a question mark ? followed by the payload...

4.8CVSS6.1AI score0.00733EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:50 a.m.•7 views

CVE-2020-24135

A Reflected Cross Site Scripting XSS Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php...

6.1CVSS6AI score0.00903EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:45 a.m.•5 views

CVE-2015-0918

Cross-site scripting XSS vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php...

4.3CVSS5.9AI score0.01903EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:21 a.m.•6 views

CVE-2006-3025

Cross-site scripting XSS vulnerability in Cal.PHP3 in Chris Lea Lucid Calendar 0.22 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information...

6.8CVSS5.8AI score0.01143EPSS

Exploits0References1

CNVD•added 2025/10/17 12:0 a.m.•5 views

Centreon has an unspecified vulnerability (CNVD-2025-24647)

Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon has a security vulnerability that can be exploited by attackers to execute arbitrary Web scrip...

6.8CVSS7.1AI score0.00225EPSS

Exploits0References1