CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2583 matches found

CVE-2026-52807

Summary (supported by provided docs): Gogs is affected by a DOM-based XSS in the New Issue page when a milestone name contains HTML/JS payloads. The root cause involves client-side rendering: milestone names are rendered with Go’s escaping in new_form.tmpl, but Semantic UI 2.4.2 uses preserveHTML...

4.8CVSS5.9AI score

Exploits0References4

Nuclei•added 19 hours ago•10 views

VDO.Ninja - DOM-Based Cross-Site Scripting

VDO.Ninja 28.0 to 28.3 contains a reflected XSS caused by improper sanitization of the room parameter in examples/control.html, letting remote attackers execute scripts, exploit requires crafted URL. id: CVE-2025-62613 info: name: VDO.Ninja - DOM-Based Cross-Site Scripting author: 0xAkoko severit...

6.9CVSS5.9AI score0.01099EPSS

Exploits0References3

Github Security Blog•added yesterday•7 views

Gogs has DOM-based XSS via Milestone Name on New Issue Page

Summary The fix for GHSA-vgjm-2cpf-4g7c DOM-based XSS via milestone selection was only applied to templates/repo/issue/viewcontent.tmpl but not to templates/repo/issue/newform.tmpl. An attacker can store an HTML/JavaScript payload in a milestone name, and when any user opens the New Issue page an...

4.8CVSS6AI score

Exploits0References5Affected Software1

RedhatCVE•added 2026/06/10 9:3 p.m.•7 views

CVE-2026-48268

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 9:3 p.m.•8 views

CVE-2026-47985

5.4CVSS5.5AI score0.00207EPSS

Exploits0References1

CVE•added 2026/06/10 4:31 a.m.•18 views

CVE-2025-8444

The CVE-2025-8444 entry concerns the WordPress plugin Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates. A DOM-Based Stored Cross-Site Scripting vulnerability exists in all versions up to and including 2.6.7 due to insufficient input sanitization and output escapi...

6.4CVSS5.7AI score0.00155EPSS

Exploits0References2

Positive Technologies•added 2026/06/10 12:0 a.m.•9 views

PT-2026-48374

The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the multiple parameters in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. Th...

6.4CVSS5.7AI score0.00155EPSS

Exploits0References3

EUVD•added 2026/06/09 6:30 p.m.•9 views

EUVD-2026-35708

5.4CVSS5.5AI score0.00283EPSS

Exploits0References2

EUVD•added 2026/06/09 6:30 p.m.•8 views

EUVD-2026-35631

5.4CVSS5.5AI score0.00207EPSS

Exploits0References2

EUVD•added 2026/06/09 6:30 p.m.•8 views

EUVD-2026-35623

5.4CVSS5.5AI score0.00283EPSS

Exploits0References2

NVD•added 2026/06/09 5:17 p.m.•10 views

CVE-2026-48268

5.4CVSS0.00207EPSS

Exploits0References1

NVD•added 2026/06/09 5:17 p.m.•10 views

CVE-2026-48258

5.4CVSS0.00283EPSS

Exploits0References1

NVD•added 2026/06/09 5:17 p.m.•8 views

CVE-2026-47986

5.4CVSS0.00207EPSS

Exploits0References1

NVD•added 2026/06/09 5:17 p.m.•9 views

CVE-2026-47935

5.4CVSS0.00207EPSS

Exploits0References1

CVE•added 2026/06/09 4:48 p.m.•15 views

CVE-2026-47935

Adobe Experience Manager version range affected: 6.5.24, LTS SP1, 2026.04 and earlier. The issue is a DOM-based Cross-Site Scripting (XSS) vulnerability that an attacker can exploit by manipulating the DOM to execute malicious JavaScript in a victim’s browser. Exploitation requires user interacti...

5.4CVSS5.5AI score0.00207EPSS

Exploits0References1Affected Software1

CVE•added 2026/06/09 4:48 p.m.•16 views

CVE-2026-48268

Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability affecting versions 6.5.24, LTS SP1, 2026.04 and earlier. The issue allows an attacker to manipulate the DOM to execute malicious JavaScript in the victim’s browser, requiring user interaction (victim visi...

5.4CVSS5.5AI score0.00207EPSS

Exploits0References1Affected Software1

CVE•added 2026/06/09 4:48 p.m.•14 views

CVE-2026-47989

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based XSS vulnerability. An attacker could leverage DOM manipulation to run malicious JavaScript in a victim’s browser, requiring user interaction (visiting a crafted page). CVSS3.1 shows a base score of ...

5.4CVSS5.5AI score0.00207EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/06/09 4:48 p.m.•33 views

CVE-2026-48258 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

5.4CVSS0.00283EPSS

Exploits0References1

CVE•added 2026/06/09 4:48 p.m.•13 views

CVE-2026-47986

CVE-2026-47986 affects Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier. It is a DOM-based Cross‑Site Scripting (XSS) vulnerability where an attacker can cause malicious JavaScript to run in a victim’s browser by manipulating the DOM; exploitation requires the user to visit ...

5.4CVSS5.5AI score0.00207EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/06/09 4:48 p.m.•30 views

CVE-2026-47983 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

5.4CVSS0.00207EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by