CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A cross-site scripting XSS vulnerability in FairSketch RISE Ultimate Project Manager & CRM 3.9.4 allows an administrator to store a JavaScript payload using the file explorer in the admin dashboard when creating new folders...

6.1CVSS5.7AI score0.00034EPSS

Exploits2References2

CNNVD•added 2025/09/29 12:0 a.m.•3 views

FairSketch RISE Ultimate Project Manager 安全漏洞

FairSketch RISE Ultimate Project Manager is a project management system from FairSketch, Inc. A security vulnerability exists in FairSketch RISE Ultimate Project Manager version 3.9.4, which originates from a JavaScript payload that can be stored by an administrator via File Explorer when creatin...

6.1CVSS5.9AI score0.00034EPSS

Exploits2References2

Vulnrichment•added 2025/09/22 12:0 a.m.•1 views

CVE-2025-57203

MagicProject AI version 9.1 is affected by a Cross-Site Scripting XSS vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream endpoint via a...

5.8AI score0.00044EPSS

Exploits1References1

RedhatCVE•added 2025/08/30 6:21 p.m.•2 views

CVE-2025-50975

IPFire 2.29 web-based firewall interface firewall.cgi fails to sanitize several rule parameters such as PROT, SRCPORT, TGTPORT, dnatport, key, ruleremark, srcaddr, stdnettgt, and tgtaddr, allowing an authenticated administrator to inject persistent JavaScript. This stored XSS payload is executed...

5.4CVSS5.9AI score0.00043EPSS

Exploits1References1

Tenable Nessus•added 2025/08/30 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2021-26247

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - As an unauthenticated remote user, visit http:///authchangepassword.php?ref=alert1 to successfully execute the JavaScript payload present in the ref URL...

6.1CVSS6.5AI score0.21043EPSS

Exploits0References2

RedhatCVE•added 2025/08/21 12:26 a.m.•6 views

CVE-2025-51487

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing to execute arbitrary JavaScript by using "javascript:" payload, instead of the expected HTTPS protocol, in the CutCode Link parameter when creating/updating a new Article...

4.5CVSS5.8AI score0.00089EPSS

Exploits2References1

OSV•added 2025/08/19 3:15 p.m.•2 views

CVE-2025-51487

4.5CVSS5.7AI score

Exploits0References2

NVD•added 2025/08/19 3:15 p.m.•5 views

CVE-2025-51487

4.5CVSS0.00089EPSS

Exploits2References2

Cvelist•added 2025/08/19 12:0 a.m.•8 views

CVE-2025-51487

0.00089EPSS

Exploits2References2

Vulnrichment•added 2025/08/19 12:0 a.m.•4 views

CVE-2025-51487

5.3AI score0.00089EPSS

Exploits2References2

NVD•added 2025/08/13 6:15 p.m.•3 views

CVE-2025-45314

A cross-site scripting XSS vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function...

6.1CVSS0.00075EPSS

Exploits1References3

NVD•added 2025/08/08 3:15 p.m.•3 views

CVE-2020-9322

The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript payload in a username during account registration. Reflected XSS can occur via the /users PATHINFO...

8.8CVSS0.00039EPSS

Exploits0References3

CVE•added 2025/08/08 12:0 a.m.•14 views

CVE-2020-9322

Statamic Core prior to 2.11.8 exposes a cross-site scripting (XSS) vulnerability via the /users endpoint. This can be exploited through CSRF to create an administrator user. Stored XSS is possible when a JavaScript payload is placed in the username during account registration, and reflected XSS c...

8.8CVSS5.5AI score0.00039EPSS

Exploits0References3