CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/02/03 4:52 p.m.•5 views

CVE-2019-25265

CVE-2019-25265 affects Online Inventory Manager 3.2, with a stored cross-site scripting flaw in the group description field of the admin Edit Groups page. The vulnerability allows injecting JavaScript that executes when the groups page is viewed, potentially enabling cookie theft and client-side ...

ATTACKERKB•added 2026/02/03 4:52 p.m.•3 views

CVE-2019-25265

Exploits0References4Affected Software1

EUVD•added 2026/02/03 4:52 p.m.•2 views

EUVD-2019-19380

Vulnrichment•added 2026/02/03 4:52 p.m.•3 views

CVE-2019-25265 Online Inventory Manager 3.2 - Persistent Cross-Site Scripting

Cvelist•added 2026/02/03 4:52 p.m.•28 views

CVE-2019-25265 Online Inventory Manager 3.2 - Persistent Cross-Site Scripting

6.4CVSS0.00062EPSS

RedhatCVE•added 2026/01/07 9:31 a.m.•2 views

CVE-2019-16685

Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...

5.4CVSS5.8AI score0.00156EPSS

Exploits1References1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2021-30272

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00284EPSS

Tenable Nessus•added 2025/09/10 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2019-16685

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the Create/modify other users, groups and permissions...

5.4CVSS5.7AI score0.00156EPSS

RedhatCVE•added 2025/07/05 8:27 a.m.•3 views

CVE-2024-9017

The PeepSo Core: Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Group Description field in all versions up to, and including, 6.4.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

7.2CVSS5.5AI score0.00164EPSS

Exploits0References1

NVD•added 2025/07/03 7:15 a.m.•4 views

CVE-2024-9017

6.4CVSS0.00164EPSS

Exploits0References2

RedhatCVE•added 2025/05/22 6:52 p.m.•5 views

CVE-2021-43334

BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Group Description field...

5.4CVSS5.9AI score0.00284EPSS

Exploits1

SUSE CVE•added 2024/05/07 2:39 a.m.•1 views

SUSE CVE-2024-34483

OFPGroupDescStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service infinite loop via OFPBucket.len=0...

7.5CVSS6.8AI score0.00639EPSS

Exploits1References3

Positive Technologies•added 2024/05/04 12:0 a.m.•2 views

PT-2024-25934 · Unknown · Faucet Sdn Ryu

Name of the Vulnerable Software and Affected Versions: Faucet SDN Ryu version 4.34 Description: The issue allows attackers to cause a denial of service infinite loop via OFPBucket.len=0 in OFPGroupDescStats in parser.py. Recommendations: For version 4.34, consider disabling the OFPGroupDescStats...

7.5CVSS7.2AI score0.00639EPSS

Exploits1References8

ATTACKERKB•added 2023/10/24 12:15 a.m.•1 views

CVE-2023-46058

Cross Site Scripting XSS vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grpdesc parameter of the admin/group.php component...

4.8CVSS6.2AI score0.0022EPSS

OSV•added 2023/07/11 1:15 a.m.•0 views

CVE-2023-37191

A stored cross-site scripting XSS vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters...

4.8CVSS5.9AI score0.00567EPSS