CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18 matches found

RedhatCVE•added 2025/10/28 2:38 a.m.•1 views

CVE-2025-62951

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icc0rz H5P h5p allows Stored XSS.This issue affects H5P: from n/a through = 1.16.0...

6.5CVSS5.9AI score0.0003EPSS

Exploits0References1

EUVD•added 2025/10/27 3:30 a.m.•3 views

EUVD-2025-35991

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icc0rz Interactive Content – H5P h5p allows Stored XSS.This issue affects Interactive Content – H5P: from n/a through = 1.16.0...

6.5CVSS5.5AI score0.0003EPSS

Exploits0References2

NVD•added 2025/10/27 2:15 a.m.•4 views

CVE-2025-62951

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icc0rz H5P h5p allows Stored XSS.This issue affects H5P: from n/a through = 1.16.0...

6.5CVSS0.0003EPSS

Exploits0References1

Cvelist•added 2025/10/27 1:34 a.m.•6 views

CVE-2025-62951 WordPress H5P plugin <= 1.16.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icc0rz H5P h5p allows Stored XSS.This issue affects H5P: from n/a through = 1.16.0...

6.5CVSS0.0003EPSS

Exploits0References1

CVE•added 2025/10/27 1:34 a.m.•4 views

CVE-2025-62951

CVE-2025-62951 concerns the WordPress plugin “Interactive Content – H5P” (icc0rz) with a stored XSS vulnerability. Public docs confirm the issue as: Improper Neutralization of Input During Web Page Generation, enabling stored XSS, affecting Interactive Content – H5P up to version 1.16.0. Red Hat ...

6.5CVSS5.9AI score0.0003EPSS

Exploits0References1

Vulnrichment•added 2025/10/27 1:34 a.m.•4 views

CVE-2025-62951 WordPress H5P plugin <= 1.16.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icc0rz H5P h5p allows Stored XSS.This issue affects H5P: from n/a through = 1.16.0...

6.5CVSS5.2AI score0.0003EPSS

Exploits0References1

CNNVD•added 2025/10/27 12:0 a.m.•2 views

WordPress plugin Interactive Content – H5P 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerabilit...

6.5CVSS5.8AI score0.0003EPSS

Exploits0References1

Positive Technologies•added 2025/10/27 12:0 a.m.•2 views

PT-2025-43826

6.5CVSS5.9AI score0.0003EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-56246

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00049EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 9:25 a.m.•3 views

CVE-2024-3111

The Interactive Content WordPress plugin before 1.15.8 does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues...

7.1CVSS5.7AI score0.00143EPSS

Exploits2References1

OSV•added 2024/06/27 6:15 a.m.•0 views

CVE-2024-3111

5.4CVSS5.8AI score0.00143EPSS

Exploits2References1

NVD•added 2024/06/27 6:15 a.m.•18 views

CVE-2024-3111

7.1CVSS0.00143EPSS

Exploits2References1

Cvelist•added 2024/06/27 6:0 a.m.•23 views

CVE-2024-3111 H5P < 1.15.8 - Contributor+ Stored XSS

0.00143EPSS

Exploits2References1

CVE•added 2024/06/27 6:0 a.m.•54 views

CVE-2024-3111

CVE-2024-3111 affects Interactive Content (H5P) WordPress plugin pre-1.15.8. The issue: uploads are not validated, allowing Contributors and above to update SVG files, causing Stored XSS. Consequences are web-applicable on sites using affected plugin versions prior to 1.15.8. Remediation: upgrade...

7.1CVSS5.5AI score0.00143EPSS

Exploits2References1Affected Software1

NVD•added 2024/02/01 11:15 a.m.•10 views

CVE-2023-51534

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS.This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky...

5.9CVSS5.7AI score0.00049EPSS

Exploits0References1

OSV•added 2024/02/01 11:15 a.m.•0 views

CVE-2023-51534

4.8CVSS7.3AI score0.00049EPSS

Exploits0References1

Prion•added 2024/02/01 11:15 a.m.•9 views

Cross site scripting

4.3CVSS6.9AI score0.00049EPSS

Exploits0References1Affected Software1

OSV•added 2023/03/27 9:35 p.m.•9 views

CVE-2023-26493 Command Injection in Cocos Engine workflow

Cocos Engine is an open-source framework for building 2D & 3D real-time rendering and interactive content. In the github repo for Cocos Engine the web-interface-check.yml was subject to command injection. The web-interface-check.yml was triggered when a pull request was opened or updated and...

8.1CVSS8.6AI score0.11068EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by