CVE-2026-0695
In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...
CVE-2022-35224
SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a...
CVE-2021-33682
SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with basic level privileges to store a malicious script on SAP Lumira Server. The execution of the script content, by a victim...
CVE-2021-33694
SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting...
CVE-2021-33674
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability when creating a new email and to execute arbitrary code on the victim's browser...
CVE-2024-41735
SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application...
CVE-2024-39594
SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause low impact on the confidentiality and integrity of the...
Cross-site Scripting (XSS)
Overview: httpbin is an HTTP Request and Response Service. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the endpoint /base64, which does not encode user-controllable parameters when outputting them on the current page. An attacker can inject and execute arbitrary...
EUVD-2025-199999
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg parameter,...
phpPgAdmin Security Vulnerability
phpPgAdmin is an open source application, the premier web-based administration tool for PostgreSQL. A security vulnerability exists in phpPgAdmin 7.13.0 and prior versions, which stems from multiple components that do not properly encode or clean up user input, and could lead to a...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27647)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the pienumber parameter not being properly cleaned and encoded, which can be exploited by an attacker to inje...
CVE-2025-34305
IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting (XSS) vulnerabilities caused by a bug in the cleanhtml function /var/ipfire/header.pl that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...
Cross-site Scripting
dotnetnuke.core is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper encoding of user input in URL and template rendering, allowing attackers to inject malicious scripts that execute in victims’ browsers...
CVE-2025-60280
CVE-2025-60280 affects Bang Resto v1.0 and is described as a Cross-Site Scripting (XSS) vulnerability caused by insufficient input sanitization or output encoding. The vulnerability could allow attacker-controlled input to be rendered in the browser, enabling potential theft of session cookies, u...
EUVD-2018-14265
Malware in sbrugna...
EUVD-2018-14319
Malware in sbrugna...
EUVD-2021-20342
Malware in sbrugna...
EUVD-2020-27422
Malware in sbrugna...
EUVD-2020-27372
Malware in sbrugna...
EUVD-2018-14341
Malware in sbrugna...