15788 matches found
CVE-2025-28243
An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component...
CVE-2025-28243
CVE-2025-28243 affects Alteryx Server v2023.1.1.460, with the Pages component vulnerable to HTML injection via a crafted script. The CVSS v3.1 vector indicates NETWORK access, HIGH impact to confidentiality and integrity, user interaction required, and no availability impact. Root cause details a...
Alteryx Server cross-site scripting vulnerability
Alteryx Server is a cloud-hosted or self-hosted application from Alteryx, Inc. for publishing, sharing and executing workflows. A security vulnerability exists in Alteryx Server version 2023.1.1.460, which stems from the pages component that may allow HTML injection via specially crafted scripts...
CVE-2025-31326
SAP BusinessObjects Business Intelligence Platform Web Intelligence is vulnerable to HTML Injection, allowing an attacker with basic user privileges to inject malicious code into specific input fields. This could lead to unintended redirects or manipulation of application behavior, such as...
CVE-2025-31326
CVE-2025-31326 affects SAP BusinessObjects Business Intelligence Platform (Web Intelligence). HTML Injection is possible in specific input fields with only basic user privileges, potentially causing unintended redirects or manipulation of application behavior. Impact is limited to integrity; conf...
CVE-2025-31326 HTML Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
SAP BusinessObjects Business Intelligence Platform Web Intelligence is vulnerable to HTML Injection, allowing an attacker with basic user privileges to inject malicious code into specific input fields. This could lead to unintended redirects or manipulation of application behavior, such as...
SAP BusinessObjects Business Intelligence Platform security vulnerability
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and quickly and...
CVE-2025-53370
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page...
Citizen Short Description stored XSS vulnerability through wikitext
Summary: Short descriptions are not properly sanitized by the ShortDescription before being inserted as HTML using mw.util.addSubtitle, allowing any user to insert arbitrary HTML into the DOM by editing a page. Details: The description provided by the user via the SHORTDESC: parser function is...
CVE-2025-53369 Citizen Short Description stored XSS vulnerability through wikitext
Short Description is a MediaWiki extension that provides local short description support. In version 4.0.0, short descriptions are not properly sanitized before being inserted as HTML using mw.util.addSubtitle, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue...
CVE-2025-53370 Citizen stored XSS vulnerability through short descriptions
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page...
[SECURITY] [DSA 5957-1] mediawiki security update
Debian Security Advisory DSA-5957-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 03, 2025 https://www.debian.org/security/faq ...
CVE-2025-48939
tarteaucitron.js is a compliant and accessible cookie banner. Prior to version 1.22.0, a vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML element, it could clobber the...
Malicious code in 182-23run (npm)
The package is malicious due to HTML injection in index.js redirecting to adult/malicious sites and a YARA match on a suspicious URL...
MAL-2025-5831 Malicious code in 182-23run (npm)
The package is malicious due to HTML injection in index.js redirecting to adult/malicious sites and a YARA match on a suspicious URL...
CVE-2025-53502 HTML injection in FeaturedFeeds
Improper Input Validation vulnerability in Wikimedia Foundation Mediawiki - FeaturedFeeds Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - FeaturedFeeds Extension: 1.39.X, 1.42.X, 1.43.X...