CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

881 matches found

Packet Storm•added 2024/10/17 12:0 a.m.•332 views

SofaWiki 3.9.2 Cross Site Scripting

Exploit Title: SofaWiki 3.9.2 - Stored XSS Authenticated Date: 10/17/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A stored XSS exists in SofaWiki's Open...

7.4AI score

Exploits0

Vulnrichment•added 2024/09/26 12:0 a.m.•10 views

CVE-2024-45986

A stored Cross-Site Scripting XSS vulnerability was identified in Projectworld Online Voting System 1.0 that occurs when an account is registered with a malicious javascript payload. The payload is stored and subsequently executed in the voter.php and profile.php pages whenever the account...

5.5AI score0.00169EPSS

Exploits1References1

CVE•added 2024/09/26 12:0 a.m.•44 views

CVE-2024-45986

Projectworld Online Voting System 1.0 contains a stored Cross-Site Scripting (XSS) vulnerability. The flaw occurs when an account is registered with a malicious JavaScript payload, which is stored and later executed in voter.php and profile.php whenever account information is accessed. Affected d...

5.4CVSS5.5AI score0.00169EPSS

Exploits1References1Affected Software1

Cvelist•added 2024/09/26 12:0 a.m.•10 views

CVE-2024-45986

0.00169EPSS

Exploits1References1

NVD•added 2024/09/25 1:15 a.m.•11 views

CVE-2024-9141

Cross-Site Scripting XSS vulnerability in the Oct8ne system. This flaw could allow an attacker to embed harmful JavaScript code into the body of a chat message. This manipulation occurs when the chat content is intercepted and altered, leading to the execution of the JavaScript payload...

5.4CVSS0.00154EPSS

Exploits0References1

Cvelist•added 2024/09/24 10:50 a.m.•16 views

CVE-2024-9141 Cross-Site Scripting (XSS) vulnerability in Oct8ne

5.4CVSS0.00154EPSS

Exploits0References1

CVE•added 2024/09/24 10:50 a.m.•52 views

CVE-2024-9141

CVE-2024-9141 describes a Cross-Site Scripting (XSS) vulnerability in Oct8ne, where attacker-controlled chat content could be manipulated (intercepted/altered) to execute JavaScript in chat messages. Affected product: Oct8ne chat system. Underlying cause and exact vulnerable component are not exp...

5.4CVSS5.3AI score0.00154EPSS

Exploits0References1

Github Security Blog•added 2024/09/12 3:33 p.m.•12 views

MindsDB Cross-site Scripting vulnerability

A cross-site scripting XSS vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI...

9CVSS5.9AI score0.00158EPSS

Exploits1References3Affected Software1

OSV•added 2024/09/12 1:15 p.m.•2 views

CVE-2024-45856

5.4CVSS5.9AI score

Exploits0References1

Cvelist•added 2024/09/12 1:5 p.m.•12 views

CVE-2024-45856

9CVSS0.00158EPSS

Exploits1References1

NVD•added 2024/09/04 11:15 a.m.•11 views

CVE-2024-8413

Cross Site Scripting XSS vulnerability through the action parameter in index.php. Affected product codebase https://github.com/Bioshox/Raspcontrol and forks such as https://github.com/harmon25/raspcontrol . An attacker could exploit this vulnerability by sending a specially crafted JavaScript...

6.1CVSS0.00402EPSS

Exploits0References1

Cvelist•added 2024/09/04 10:31 a.m.•13 views

CVE-2024-8413 Cross Site Scripting (XSS) in Raspcontrol

5.4CVSS0.00402EPSS

Exploits0References1

Vulnrichment•added 2024/09/04 10:31 a.m.•12 views

CVE-2024-8413 Cross Site Scripting (XSS) in Raspcontrol

5.4CVSS5.7AI score0.00402EPSS

Exploits0References1

CVE•added 2024/09/04 10:31 a.m.•42 views

CVE-2024-8413

CVE-2024-8413 is an XSS vulnerability in Raspcontrol (and forks) via the action parameter in index.php. Affected product/codebase: Bioshox/Raspcontrol and forks such as harmon25/raspcontrol; impact is that an attacker could deliver a crafted JavaScript payload to an authenticated user, partially ...

6.1CVSS5.3AI score0.00402EPSS

Exploits0References1Affected Software1

NVD•added 2024/08/06 1:15 p.m.•13 views

CVE-2024-33990

Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'id' and 'view' parameters ...

7.1CVSS0.00286EPSS

Exploits0References1

OSV•added 2024/08/06 1:15 p.m.•0 views

CVE-2024-33990

6.1CVSS5.8AI score0.00286EPSS

Exploits0References1

NVD•added 2024/08/06 1:15 p.m.•7 views

CVE-2024-33989

7.1CVSS0.00286EPSS

Exploits0References1

CVE•added 2024/08/06 1:6 p.m.•26 views

CVE-2024-33990

CVE-2024-33990 describes a Cross-Site Scripting (XSS) vulnerability in School Event Management System v1.0 . The issue can be triggered by an authenticated user who receives a specially crafted payload via the id and view parameters in /user/index.php , allowing an attacker to partially take over...

7.1CVSS5.6AI score0.00286EPSS

Exploits0References1Affected Software1

Cvelist•added 2024/08/06 1:6 p.m.•16 views

CVE-2024-33990 Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System

7.1CVSS0.00286EPSS

Exploits0References1

NVD•added 2024/08/06 11:16 a.m.•11 views

CVE-2024-33975

Cross-Site Scripting XSS vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially take over their browser session via 'view' parameter in '/admin/products/index.ph...

7.1CVSS0.00285EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by