10 matches found
CVE-2025-14039 Simple Folio <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Client name' and 'Link' Meta Fields
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplefolioitemclientname' and 'simplefolioitemlink' meta fields in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-14039 Simple Folio <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Client name' and 'Link' Meta Fields
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplefolioitemclientname' and 'simplefolioitemlink' meta fields in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2026-5064
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'simplefolioitemclientname' and 'simplefolioitemlink' meta fields in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-67263
Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting (XSS) vulnerability in the Clients module. The application fails to properly sanitize user-supplied input stored in the Name and Surname fields. An attacker can insert malicious HTML or script content into these...
EUVD-2014-5232
Malware in sbrugna...
CVE-2024-36819
MAP-OS 4.45.0 and earlier is vulnerable to Cross-Site Scripting (XSS). This vulnerability allows malicious users to insert a malicious payload into the "Client Name" input. When a service order from this client is created, the malicious payload is displayed on the administrator and employee...
CVE-2023-31297
An issue was discovered in SESAMI planfocus CPTO Cash Point & Transport Optimizer 6.3.8.6 718. There is XSS via the Name field when modifying a client...
CVE-2020-7997
ASUS WRT-AC66U 3 RT 3.0.0.4.37267 devices allow XSS via the Client Name field to the Parental Control feature...
CVE-2014-5343
Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field...
CVE-2014-5343
Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field...