CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

Vulnrichment•added 2026/05/20 6:0 p.m.•5 views

CVE-2026-47099 TeleJSON < 6.0.0 DOM-based XSS via parse() Function

TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious constructor-name property value. The custom reviver passes the constructor name...

6.1CVSS6AI score0.00036EPSS

Exploits0References3

Cvelist•added 2026/05/08 2:42 p.m.•21 views

CVE-2026-41575 th30d4y/IP: DOM-Based Cross-Site Scripting (XSS) Vulnerability

In th30d4y/IP from version 1.0.1 to before version 2.0.1, a DOM-Based Cross-Site Scripting XSS vulnerability was identified in an IP Reputation Checker application. Unsanitized user input was directly rendered in the browser, allowing attackers to execute arbitrary JavaScript. This issue has been...

6.1CVSS0.00033EPSS

Exploits0References1

ATTACKERKB•added 2026/04/08 8:30 a.m.•3 views

CVE-2026-39674

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Manoj Kumar MK Google Directions google-distance-calculator allows DOM-Based XSS.This issue affects MK Google Directions: from n/a through = 3.1.1...

5.9AI score0.00039EPSS

Exploits0References2

CVE•added 2025/12/30 10:47 a.m.•3 views

CVE-2025-68977

CVE-2025-68977 affects DesignThemes Portfolio Addon (designthemes-portfolio-addon) with a Stored Cross-Site Scripting vulnerability in versions up to 1.5. The Wordfence entry confirms an authenticated (Contributor+) context for exploitation, indicating the issue requires user credentials to trigg...

6.5CVSS6AI score0.00024EPSS

Exploits0References1

Cvelist•added 2025/12/18 4:16 p.m.•22 views

CVE-2025-64355 WordPress JetElements For Elementor plugin <= 2.7.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through = 2.7.12...

6.5CVSS0.00029EPSS

Exploits0References1

Vulnrichment•added 2025/10/29 8:38 a.m.•1 views

CVE-2025-64208 WordPress Jannah - Extensions plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TieLabs Jannah - Extensions jannah-extensions allows DOM-Based XSS.This issue affects Jannah - Extensions: from n/a through = 1.1.4...

6.5CVSS6AI score0.00031EPSS

Exploits0References1

Vulnrichment•added 2025/09/22 6:24 p.m.•1 views

CVE-2025-57954 WordPress Poll Maker Plugin <= 6.0.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Poll Maker allows DOM-Based XSS. This issue affects Poll Maker: from n/a through 6.0.1...

6.5CVSS6AI score0.00081EPSS

Exploits0References1

Positive Technologies•added 2025/09/22 12:0 a.m.•2 views

PT-2025-38898

Name of the Vulnerable Software and Affected Versions Guaven Labs SQL Chart Builder versions through 2.3.7.2 Description A flaw exists in Guaven Labs SQL Chart Builder that allows for DOM-Based Cross-site Scripting XSS. This issue is due to improper neutralization of input during web page...

6.5CVSS6.7AI score0.00032EPSS

Exploits0References3

Positive Technologies•added 2024/11/19 12:0 a.m.•2 views

PT-2024-34952 · Alert Me! · Alert Me!

Name of the Vulnerable Software and Affected Versions: Alert Me! versions 0.4.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This means that an attacker could potentially inject malicious scripts into...

6.5CVSS6.8AI score0.00197EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by