Lucene search
K

1118088 matches found

Nuclei
Nuclei
added yesterday45 views

Contentful <=2020-05-21 - Cross-Site Scripting

Contentful through 2020-05-21 for Python contains a reflected cross-site scripting vulnerability via the api parameter to the-example-app.py. id: CVE-2020-13258 info: name: Contentful alert...

6.1CVSS6.4AI score0.0249EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday65 views

WordPress GTranslate <2.8.52 - Cross-Site Scripting

WordPress GTranslate plugin before 2.8.52 contains an unauthenticated reflected cross-site scripting vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option. id: CVE-2020-11930 info: name: WordPress GTranslate 2.8.52 -...

6.1CVSS6.4AI score0.04457EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday68 views

WordPress Ultimate FAQ <1.8.30 - Cross-Site Scripting

WordPress Ultimate FAQ plugin before 1.8.30 is susceptible to cross-site scripting via DisplayFAQ to Shortcodes/DisplayFAQs.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.4AI score0.02195EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday35 views

Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting

Event Espresso Core-Reg 4.10.7.p is vulnerable to cross-site scripting in wp-content/plugins/event-espresso-core-reg/adminpages/messages/templates/eemsgadminoverview.template.php and allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2020-26153 info:...

6.1CVSS6.5AI score0.03796EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday103 views

Wing FTP 6.4.4 - Cross-Site Scripting

Wing FTP 6.4.4 is vulnerable to cross-site scripting via its web interface because an arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of sandboxed arbitrary HTML and JavaScript in the user's browser. id: CVE-2020-27735 info: name: Wing FTP...

6.1CVSS6.5AI score0.05626EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday13 views

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the key and redirect parameters in login.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2709 info: name: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scriptin...

6.1CVSS6.1AI score0.00872EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday70 views

Aryanic HighMail (High CMS) - Cross-Site Scripting

A cross-site scripting vulnerability in Aryanic HighMail High CMS versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. id: CVE-2020-23517 info: name: Aryanic HighMail High CMS - Cross-Site Scripting author: geeknik severity: medium...

6.1CVSS6.5AI score0.07051EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday117 views

Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting

PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute...

8.8CVSS7AI score0.2389EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday71 views

McAfee ePolicy Orchestrator <5.10.9 Update 9 - Cross-Site Scripting

McAfee ePolicy Orchestrator before 5.10.9 Update 9 is vulnerable to a cross-site scripting vulnerability that allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. reference: -...

4.6CVSS6.2AI score0.01024EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday60 views

Monstra CMS 3.0.4 - Cross-Site Scripting

Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the page feature in admin/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...

5.4CVSS6.7AI score0.01885EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday77 views

Extreme Management Center 8.4.1.24 - Cross-Site Scripting

Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.5AI score0.04015EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday55 views

Rukovoditel <= 2.7.2 - Cross-Site Scripting

A stored cross site scripting XSS vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. id: CVE-2020-35987 info: name: Rukovoditel = 2.7.2 - Cross-Site...

5.4CVSS6.1AI score0.01287EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday75 views

Rukovoditel <= 2.7.2 - Cross Site Scripting

A stored cross site scripting XSS vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. id: CVE-2020-35986 info: name: Rukovoditel = 2.7.2 - Cross Sit...

5.4CVSS6.1AI score0.01287EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday132 views

Simple URLs < 115 - Cross Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-0099 info: name: Simple URLs 115 - Cross Site Scripting author: r3Y3r53 severit...

6.1CVSS6.4AI score0.01726EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday59 views

MooDating 1.2 - Cross-Site Scripting

A vulnerability was found in mooSocial mooDating 1.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /friends/ajaxinvite of the component URL Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. id:...

6.1CVSS4.4AI score0.03648EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday75 views

ChurchCRM 4.5.3 - Cross-Site Scripting

A stored Cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php. id: CVE-2023-26843 info: name: ChurchCRM 4.5.3 - Cross-Site Scripting author: Harsh severity: medium description: | A stored Cross-site scripti...

5.4CVSS6.3AI score0.0142EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday55 views

IceWarp Mail Server v10.4.5 - Cross-Site Scripting

IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting XSS vulnerability via the color parameter. id: CVE-2023-39700 info: name: IceWarp Mail Server v10.4.5 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | IceWarp Mail Server v10.4.5 was...

6.1CVSS6.4AI score0.01376EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday234 views

RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting

Multiple reflected cross-site scripting XSS vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter. id:...

6.1CVSS6.5AI score0.01071EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday69 views

OpenCMS - Cross-Site Scripting

OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability. id: CVE-2023-42343 info: name: OpenCMS - Cross-Site Scripting author: DhiyaneshDK severity: medium description: | OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability. impact: | Unauthenticated attackers...

6.1CVSS7AI score0.0059EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday13 views

PHP Login System 2.0.1 - Cross-Site Scripting

msaad1999's PHP-Login-System 2.0.1 contains a reflected cross-site scripting caused by unsanitized input in 'validator' parameter in /reset-password, letting remote attackers execute arbitrary JavaScript in a user's browser, exploit requires attacker to craft malicious URL id: CVE-2023-38875 info...

6.1CVSS6.6AI score0.00824EPSS
Exploits0References2
Rows per page
Query Builder