881 matches found
PT-2026-42252
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient JF.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket id GET parameter directly into a JavaScript variable assignment. Attacker...
PT-2026-42258
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in search.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm query POST parameter directly into an HTML input field VALUE attribute. Attacker...
TeleJSON Cross-Site Scripting Vulnerability
TeleJSON is an open-source JSON extension library developed by Storybook that supports complex data types. Versions of TeleJSON prior to 6.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a DOM-based cross-site scripting vulnerability within the parse function...
Linux Distros Unpatched Vulnerability : CVE-2026-23926
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An authenticated non-super administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens the tooltip for that...
EUVD-2020-31236
NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that...
CVE-2020-37236
CVE-2020-37236 describes an authenticated persistent cross-site scripting vulnerability in NewsLister. Authenticated administrators can inject JavaScript via the title parameter in the news addition interface, with payloads executing when news items are viewed by other users. The CVE has a CVSS v...
PT-2026-41436
NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that...
PT-2026-41153
Summary: A stored cross-site scripting vulnerability was identified in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors have permission to publish pages, the malicious widget can be published to the liv...
CVE-2026-0256
CVE-2026-0256 describes a stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software that allows a malicious authenticated administrator to store a JavaScript payload via the web interface. Affected products include PAN-OS on PA-Series and VM-Series firewalls and Panora...
CVE-2025-40899
A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the...
CVE-2025-61307
A reflected cross-site scripting (XSS) vulnerability in the acc-menupapers.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...
CVE-2025-61310
A reflected cross-site scripting (XSS) vulnerability in the acc-menubillings.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...
CVE-2025-61314
A reflected cross-site scripting (XSS) vulnerability in the dfm-menuorderopt.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...
CVE-2025-61308
CVE-2025-61308 describes a reflected XSS in the dfm-menu_maintenance.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c. The underlying issue is an unfiltered variable value that allows attackers to inject arbitrary JavaScript, executed in a user’s browser context. The CVSS 3....
PT-2026-39607
A reflected cross-site scripting (XSS) vulnerability in the acc-menu billings.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...
CVE-2022-50943 Moodle LMS 4.0 Cross-Site Scripting via course search.php
Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can inject JavaScript code via the search field in course/search.php to execute arbitrary scripts in users'...
PT-2026-39503
WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization of the forum name parameter. Attackers can submit POST requests to the admin setup page with...
SUSE CVE-2026-23926
An authenticated non-super administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens the tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens th...
CVE-2026-23926
An authenticated non-super administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens the tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens th...
DEBIAN-CVE-2026-23926
An authenticated non-super administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens the tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens th...