CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

536 matches found

NVD•added 2026/01/23 3:16 p.m.•1 views

CVE-2026-24564

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Israpil Textmetrics webtexttool allows Code Injection.This issue affects Textmetrics: from n/a through = 3.6.5...

4.3CVSS0.00052EPSS

Exploits0References1

NVD•added 2026/01/22 5:15 p.m.•1 views

CVE-2025-47600

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in xtemos WoodMart woodmart allows Code Injection.This issue affects WoodMart: from n/a through = 8.3.7...

5.3CVSS0.00021EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:57 a.m.•7 views

CVE-2020-12815

An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields...

5.4CVSS6.4AI score0.0018EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:13 a.m.•5 views

CVE-2022-31187

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions were found to not properly neutralize HTML tags in the global search context. Users...

6.8CVSS6.7AI score0.00274EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:13 a.m.•3 views

CVE-2024-2736

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tags in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00214EPSS

Exploits0References1

OSV•added 2025/12/22 6:15 p.m.•2 views

GO-2025-4243 Libredesk has Improper Neutralization of HTML Tags in a Web Page in github.com/abhinavxd/libredesk

Libredesk has Improper Neutralization of HTML Tags in a Web Page in github.com/abhinavxd/libredesk...

8.6CVSS6.5AI score0.00035EPSS

Exploits1References1

NVD•added 2025/12/18 8:16 a.m.•2 views

CVE-2025-64225

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in colabrio Stockie Extra stockie-extra allows Code Injection.This issue affects Stockie Extra: from n/a through = 1.2.11...

6.5CVSS0.0005EPSS

Exploits0References1

EUVD•added 2025/12/16 9:31 a.m.•2 views

EUVD-2025-203594

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in colabrio Norebro Extra norebro-extra allows Code Injection.This issue affects Norebro Extra: from n/a through = 1.6.8...

5.3CVSS6AI score0.00043EPSS

Exploits0References2

Vulnrichment•added 2025/12/09 2:52 p.m.•1 views

CVE-2025-63068 WordPress Contact Form 7 Dynamic Text Extension plugin <= 5.0.5 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in sevenspark Contact Form 7 – Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 – Dynamic Text Extension: from n/a through = 5.0.5...

5.3CVSS5.2AI score0.00043EPSS

Exploits0References1

Positive Technologies•added 2025/12/09 12:0 a.m.•2 views

PT-2025-50068

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in sevenspark Contact Form 7 Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 Dynamic Text Extension: from n/a through = 5.0.3...

6.6AI score0.00043EPSS

Exploits0References2

Veracode•added 2025/12/08 11:7 a.m.•6 views

Cross-site Scripting

Apache SkyWalking is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of script-related HTML tags, allowing attackers to inject malicious JavaScript into web pages...

6.1CVSS6AI score0.00258EPSS

Exploits0References6Affected Software1

CNVD•added 2025/12/03 12:0 a.m.•5 views

Apache SkyWalking Cross-Site Scripting Vulnerability (CNVD-2025-30566)

Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A cross-site scripting vulnerability exists in Apache SkyWalking version 10.2.0 and earlier, which stems from not...

6.1CVSS6.1AI score0.00258EPSS

Exploits0References1

OSV•added 2025/11/27 11:15 a.m.•2 views

PYSEC-2025-154

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...

6.1CVSS5.8AI score0.00028EPSS

Exploits0References2

CNNVD•added 2025/10/27 12:0 a.m.•1 views

WordPress plugin xSmart 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

4.3CVSS6.8AI score0.00032EPSS

Exploits0References1

Snyk•added 2025/10/15 7:29 p.m.•1 views

Cross-site Scripting (XSS)

Overview mailgen is a Generates clean, responsive HTML e-mails for sending transactional mail. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the generatePlaintext function. An attacker can execute arbitrary JavaScript code in the context of the victim's browser ...

6.3CVSS5.4AI score0.0013EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2005-4352

Malware in sbrugna...

2.6CVSS6.2AI score0.01415EPSS

Exploits1References11

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-11259

Malware in sbrugna...

5.4CVSS6.5AI score0.00072EPSS

Exploits0References4