Lucene search
K

1118088 matches found

Nuclei
Nuclei
added 20 hours ago12 views

WordPress Qwizcards < 3.95 - Cross-Site Scripting (Reflected)

The WordPress Qwizcards plugin before version 3.95 does not sanitise and escape the "themestylesheet" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability. id: CVE-2025-6174 info: name: WordPress Qwizcards alert'randstr'" matchers...

6.1CVSS6.1AI score0.0046EPSS
Exploits0References2
Nuclei
Nuclei
added 20 hours ago28 views

Apache2 - Transfer-Encoding Chunked XSS

Apache2 PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 contain a reflected cross-site scripting vulnerability caused by mishandling of chunked transfer-encoding requests in sapi/apache2handler/sapiapache2.c. Attackers can execute malicious scripts via crafted...

6.1CVSS6.7AI score0.04103EPSS
Exploits1References5
Nuclei
Nuclei
added 20 hours ago13 views

PHP Login System 2.0.1 - Cross-Site Scripting

msaad1999's PHP-Login-System 2.0.1 contains a reflected cross-site scripting caused by unsanitized input in 'validator' parameter in /reset-password, letting remote attackers execute arbitrary JavaScript in a user's browser, exploit requires attacker to craft malicious URL id: CVE-2023-38875 info...

6.1CVSS6.6AI score0.00824EPSS
Exploits0References2
Nuclei
Nuclei
added 20 hours ago18 views

Abandoned Cart Lite for WooCommerce < 5.2.0 - Cross-Site Scripting

The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. i...

7.2CVSS6.4AI score0.01353EPSS
Exploits1References4
Nuclei
Nuclei
added 20 hours ago11 views

Zimbra Collaboration Suite < 8.8.15 - Improper Encoding

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...

6.1CVSS6.8AI score0.3106EPSS
Exploits2References2
Nuclei
Nuclei
added 20 hours ago23 views

Odoo Apps - Cross-Site Scripting via Prototype Pollution

jquery-bbq 1.2.1 contains a prototype pollution caused by improperly controlled modification of object prototype attributes, letting malicious users inject properties into Object.prototype, exploit requires malicious user interaction. id: CVE-2021-20086 info: name: Odoo Apps - Cross-Site Scriptin...

8.8CVSS7AI score0.06104EPSS
Exploits1References2
Nuclei
Nuclei
added 20 hours ago18 views

GestioIP - Reflected Cross-Site Scripting

GestioIP v3.5.7 contains a reflected cross-site scripting caused by unsanitized input in the ipdojob request, letting attackers execute scripts in the victim's browser, exploit requires specific user permissions. id: CVE-2024-50857 info: name: GestioIP - Reflected Cross-Site Scripting author:...

4.8CVSS6.1AI score0.01172EPSS
Exploits3References4
Nuclei
Nuclei
added 20 hours ago45 views

RiteCMS 3.0.0 - Cross-site Scripting

RiteCMS v3.0.0 contains a reflected XSS caused by unsanitized input in the mainmenu/editsection component, letting attackers execute arbitrary scripts in the context of the victim's browser. id: CVE-2024-28623 info: name: RiteCMS 3.0.0 - Cross-site Scripting author: 0xAkoko severity: medium...

6.1CVSS6.3AI score0.01317EPSS
Exploits4References2
Nuclei
Nuclei
added 20 hours ago51 views

Hospital Management System 1.0 - Cross-Site Scripting

Hospital Management System 1.0 contains a cross-site scripting vulnerability via the searchdata parameter in doctor/search.php and patient-search.php. id: CVE-2021-39411 info: name: Hospital Management System 1.0 - Cross-Site Scripting author: arafatansari severity: high description: | Hospital...

6.1CVSS6.4AI score0.0089EPSS
Exploits0References2
Nuclei
Nuclei
added 20 hours ago16 views

Complete Online Job Search System 1.0 - Cross-Site Scripting

Complete Online Job Search System 1.0 contains a cross-site scripting vulnerability via index.php?q=advancesearch. id: CVE-2022-29316 info: name: Complete Online Job Search System 1.0 - Cross-Site Scripting author: arafatansari severity: high description: | Complete Online Job Search System 1.0...

9.8CVSS7AI score0.03139EPSS
Exploits0References2
Nuclei
Nuclei
added 20 hours ago11 views

Gnuboard 5 - Cross-Site Scripting

Gnuboard 5 contains a cross-site scripting vulnerability via the $GET'LGDOID' parameter. id: CVE-2021-3831 info: name: Gnuboard 5 - Cross-Site Scripting author: arafatansari severity: medium description: | Gnuboard 5 contains a cross-site scripting vulnerability via the $GET'LGDOID' parameter...

7.1CVSS6.7AI score0.01812EPSS
Exploits1References3
Nuclei
Nuclei
added 20 hours ago45 views

Aruba Instant Access Point (IAP) - Cross-Site Scripting

A remote cross-site scripting xss vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below;...

6.1CVSS6.7AI score0.16372EPSS
Exploits3References2
Nuclei
Nuclei
added 20 hours ago55 views

JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jpyearbuilt leads to cross...

6.1CVSS4.3AI score0.0097EPSS
Exploits2References3
Nuclei
Nuclei
added 20 hours ago33 views

Bootstrap Multiselect <= 1.1.2 - Cross-Site Scripting

A PHP script in the source code release echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting XSS vulnerability exploitable through Cross-Site Request Forgery CSRF. id: CVE-2025-47204 info: name: Bootstr...

6.1CVSS6.2AI score0.00424EPSS
Exploits0References1
Nuclei
Nuclei
added 20 hours ago19 views

System Dashboard < 2.8.10 - Cross-Site Scripting

The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks through header injection, specifically in the X-Forwarded-For header. id: CVE-2023-7246...

5.4CVSS6.1AI score0.00813EPSS
Exploits2References3
Nuclei
Nuclei
added 20 hours ago22 views

TP-Link Archer A20 v3 Router - Cross-site Scripting

The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting XSS due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL...

4.8CVSS7.2AI score0.00875EPSS
Exploits0References2
Nuclei
Nuclei
added 20 hours ago17 views

phpMyFAQ < 3.1.8 - Cross-Site Scripting

phpMyFAQ versions prior to 3.1.8 contain a reflected cross-site scripting vulnerability in the search functionality. The application fails to properly sanitize user input in the search parameter, allowing attackers to inject and execute malicious JavaScript code in the context of other users'...

7.3CVSS6.8AI score0.05743EPSS
Exploits3References3
Nuclei
Nuclei
added 20 hours ago64 views

Microweber < 1.2.17 - Cross-Site Scripting

Cross-site Scripting XSS vulnerability in the /demo/editortools/module endpoint via the 'type' parameter. id: CVE-2022-2130 info: name: Microweber 1.2.17 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross-site Scripting XSS vulnerability in the...

6.5CVSS6.6AI score0.02907EPSS
Exploits1References2
Nuclei
Nuclei
added 20 hours ago44 views

Give WP Plugin < 3.19.0 - Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2024-11921 info: name: Give WP Plugin 3.19.0 - Cross-Site Scripting author: Splint3r7...

4.8CVSS7AI score0.00794EPSS
Exploits1References2
Nuclei
Nuclei
added 20 hours ago35 views

WP-Optimize WordPress plugin < 3.2.13 - Cross-Site Scripting

The WP-Optimize WordPress plugin before 3.2.13 and SrbTransLatin WordPress plugin before 2.4.1 are vulnerable to cross-site scripting due to a third-party library that improperly handles HTML character escaping. id: CVE-2023-1119 info: name: WP-Optimize WordPress plugin 3.2.13 - Cross-Site...

6.1CVSS6.7AI score0.01099EPSS
Exploits2References2
Rows per page
Query Builder