CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2025/12/12 4:15 a.m.•6 views

CVE-2025-13866

6.4CVSS0.00034EPSS

Positive Technologies•added 2025/12/12 12:0 a.m.•3 views

PT-2025-50902

Name of the Vulnerable Software and Affected Versions Frappe Learning Management System LMS versions prior to 2.42.0 Description Frappe Learning Management System LMS allows authenticated users to inject malicious HTML and JavaScript code through description fields within the Job, Course, and Bat...

5.4CVSS5.8AI score0.00025EPSS

Exploits0References6

Positive Technologies•added 2025/12/12 12:0 a.m.•3 views

PT-2025-50826

The Flow-Flow Social Feed Stream plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flow flow social auth AJAX action in versions 3.0.0 to 4.7.5. This makes it possible for authenticated attackers, with Subscriber-level access and abov...

6.4CVSS5.6AI score0.00034EPSS

NVD•added 2025/12/11 10:15 p.m.•2 views

CVE-2024-58297

PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page...

5.4CVSS0.00037EPSS

Exploits1References4

EUVD•added 2025/12/10 9:31 p.m.•2 views

EUVD-2025-202470

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5AI score0.00025EPSS

Exploits0References2

OSV•added 2025/12/10 7:16 p.m.•1 views

CVE-2025-64615

5.4CVSS5.8AI score0.00025EPSS

NVD•added 2025/12/10 7:16 p.m.•2 views

CVE-2025-64556

5.4CVSS0.00025EPSS

Vulnrichment•added 2025/12/10 6:24 p.m.•2 views

CVE-2025-64593 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

5.4CVSS5.1AI score0.00025EPSS

RedhatCVE•added 2025/12/10 12:28 a.m.•6 views

CVE-2025-65300

A stored Cross-Site Scripting XSS vulnerability exists in the Coohom SaaS Platform feVersion=1760060603897 2025-10-28 in the Account Settings module, where unsanitized user input in Address fields City, State, Country/Region is rendered back to the page. Attackers can inject arbitrary JavaScript...

5.4CVSS5.9AI score0.00027EPSS

Exploits1References1

Cvelist•added 2025/12/09 9:13 p.m.•15 views

CVE-2025-34425 MailEnable < 10.54 Reflected XSS in WindowContext Parameter of MAI/compose.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the WindowContext parameter of /Mondo/lang/sys/Forms/MAI/compose.aspx. The WindowContext value is not properly sanitized when processed via a GET request and is reflected within a context in the...

5.3CVSS0.00014EPSS

OSV•added 2025/12/09 7:15 p.m.•1 views

CVE-2025-65300

5.4CVSS6AI score

Exploits0References2

EUVD•added 2025/12/09 6:30 p.m.•2 views

EUVD-2025-202195

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the InstanceScope parameter of /Mondo/lang/sys/Forms/CAL/compose.aspx. The InstanceScope value is not properly sanitized when processed via a GET request and is reflected inside a block in the...

6.1CVSS5.3AI score0.00011EPSS

NVD•added 2025/12/09 6:15 p.m.•3 views

CVE-2025-34403

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...

6.1CVSS0.00011EPSS

EUVD•added 2025/12/09 6:10 p.m.•2 views

EUVD-2025-202186

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized when processed via a GET request and is reflected within a block in the JavaScrip...

6.1CVSS5.4AI score0.00011EPSS

Cvelist•added 2025/12/09 6:8 p.m.•17 views

CVE-2025-34402 MailEnable < 10.54 Reflected XSS in FieldCc Parameter of AddressBook.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...

5.3CVSS0.00011EPSS

Veracode•added 2025/12/08 11:7 a.m.•4 views

Cross-site Scripting

Apache SkyWalking is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of script-related HTML tags, allowing attackers to inject malicious JavaScript into web pages...

6.1CVSS6AI score0.00258EPSS

Exploits0References6Affected Software1

RedhatCVE•added 2025/12/04 7:22 p.m.•2 views

CVE-2025-66468

The Aimeos GrapesJS CMS extension provides page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Polic...

7.6CVSS6.3AI score0.00025EPSS

Vulnrichment•added 2025/12/03 5:0 p.m.•2 views

CVE-2025-20385 Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...

2.4CVSS6.6AI score0.00028EPSS