Lucene search

130 matches found

Snyk
added 2026/05/14 3:22 p.m. | 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the echoHandler process. An attacker can execute arbitrary scripts in the context of the victim's browser by enticing a user to visit a malicious web page that submits a crafted request body to the affected...

CVSS 6.1 | AI score 5.8 | EPSS 0.00032
Exploits: 2 | References: 2
NVD
added 2026/04/08 5:16 a.m. | 1 view

CVE-2026-3239

The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonialview shortcode in all versions up to, and including, 3.2.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4 | EPSS 0.00037
Exploits: 0 | References: 2
NVD
added 2026/04/01 5:28 p.m. | 2 views

CVE-2026-20090

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could...

CVSS 4.8 | EPSS 0.00039
Exploits: 0 | References: 1
CVE
added 2026/02/20 10:54 p.m. | 4 views

CVE-2018-25158

Chamilo LMS 1.11.8 contains an arbitrary file upload vulnerability in the elfinder filemanager module. Authenticated users can upload files (with image headers) in the social myfiles area, rename them to PHP extensions, and execute arbitrary code by accessing the uploaded files. Impact is high fo...

CVSS 8.8 | AI score 6.1 | EPSS 0.00082
Exploits: 0 | References: 3
NVD
added 2026/02/12 11:15 a.m. | 3 views

CVE-2026-2276

Reflected Cross-Site Scripting (XSS) vulnerability in the Wix web application, where the endpoint 'https://manage.wix.com/account/account-settings', responsible for uploading SVG images, does not properly sanitize the content. An authenticated attacker could upload an SVG file containing embedded...

CVSS 5.3 | EPSS 0.00023
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/11 2:56 p.m. | 3 views

CVE-2019-25317

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users...

CVSS 6.4 | AI score 5.4 | EPSS 0.0001
Exploits: 1 | References: 4 | Affected Software: 1
EUVD
added 2026/02/04 4:11 p.m. | 5 views

EUVD-2026-5423

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management...

CVSS 4.8 | AI score 5.8 | EPSS 0.00042
Exploits: 0 | References: 1
OSV
added 2026/01/15 5:16 p.m. | 0 views

CVE-2026-20076

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...

CVSS 4.8 | AI score 6
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 12:33 p.m. | 5 views

CVE-2023-31506

A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element...

CVSS 5.4 | AI score 5.6 | EPSS 0.00046
Exploits: 1 | References: 1
Positive Technologies
added 2025/12/31 12:0 a.m. | 5 views

PT-2025-54419

STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input to execute malicious scripts within a user's browser session in the context of the...

CVSS 5.4 | AI score 6.1 | EPSS 0.00025
Exploits: 1 | References: 7
CNVD
added 2025/12/25 12:0 a.m. | 1 view

Kentico Xperience cross-site scripting vulnerability (CNVD-2026-04261)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

CVSS 5.1 | AI score 6 | EPSS 0.00022
Exploits: 0 | References: 1
CNNVD
added 2025/12/02 12:0 a.m. | 1 view

SAMSUNG Account security vulnerability

SAMSUNG Account is an account management software from Samsung South Korea. A security vulnerability exists in SAMSUNG Account versions prior to 15.5.01.1, which stems from improper input validation and could allow a local attacker to execute arbitrary script...

CVSS 5.5 | AI score 6.9 | EPSS 0.00027
Exploits: 0 | References: 2
NVD
added 2025/11/27 10:15 a.m. | 1 view

CVE-2025-59026

Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...

CVSS 5.4 | EPSS 0.00024
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/27 12:0 a.m. | 2 views

PT-2025-48258

Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...

CVSS 5.4 | AI score 7.2 | EPSS 0.00024
Exploits: 0 | References: 2
Positive Technologies
added 2025/11/27 12:0 a.m. | 2 views

PT-2025-48255

Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...

CVSS 5.4 | AI score 7.2 | EPSS 0.00024
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2002-0343

Malware in sbrugna...

CVSS 7.5 | AI score 6 | EPSS 0.12297
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2002-1681

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00791
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2002-0530

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.0792
Exploits: 1 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2004-0672

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.00726
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2002-0118

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.03062
Exploits: 1 | References: 4