CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/03/22 12:49 p.m.•6 views

CVE-2024-0640

A stored cross-site scripting XSS vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app settings, which can then be executed by another admin user when they access the affected dashboard...

5.6CVSS5.3AI score0.00077EPSS

Vulnrichment•added 2025/03/21 11:50 a.m.•11 views

CVE-2025-2597 Reflected Cross-Site Scripting (XSS) vulnerability in ITIUM 6050

Reflected Cross-Site Scripting XSS in ITIUM 6050 version 5.5.5.2-b3526 from Impact Technologies. This vulnerability could allow an attacker to execute malicious Javascript code via GET and POST requests to the ‘/index.php’ endpoint and injecting code into the ‘idsession...

5.1CVSS5.9AI score0.00111EPSS

RedhatCVE•added 2025/03/20 1:13 p.m.•8 views

CVE-2025-2495

Stored Cross-Site Scripting XSS in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the ‘/softdial/scheduler/save.php’ resource. The injected code will execute when the uploaded file is loaded via the...

5.3CVSS6AI score0.00168EPSS

Exploits0References3

OSV•added 2025/03/20 12:32 p.m.•4 views

GHSA-W6HH-W36C-VXMW LocalAI Cross-Site Scripting (XSS) vulnerability in its search functionality

mudler/localai version v2.21.1 contains a Cross-Site Scripting XSS vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution of malicious scripts...

5.4CVSS6.3AI score0.00229EPSS

Exploits1References4

OSV•added 2025/03/20 10:15 a.m.•9 views

CVE-2024-8400

A stored cross-site scripting XSS vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrar...

5.4CVSS5.6AI score

Exploits0References2

NVD•added 2025/03/20 10:15 a.m.•8 views

CVE-2024-8400

5.4CVSS0.00313EPSS

NVD•added 2025/03/20 10:15 a.m.•5 views

CVE-2024-0640

5.6CVSS0.00077EPSS

Vulnrichment•added 2025/03/20 10:10 a.m.•5 views

CVE-2024-0640 Stored XSS in chatwoot/chatwoot

5.6CVSS5.1AI score0.00077EPSS

CVE•added 2025/03/20 10:10 a.m.•41 views

CVE-2024-0640

CVE-2024-0640 (Chatwoot) describes a stored XSS vulnerability in chatwoot/chatwoot versions 3.0.0 to 3.5.1. An admin can inject malicious JavaScript through the dashboard app settings, which can then be executed by another admin when they access the affected dashboard. The issue has been fixed in...

5.6CVSS5.3AI score0.00077EPSS

Exploits1References2Affected Software1

Cvelist•added 2025/03/20 10:10 a.m.•7 views

CVE-2024-9311 Cross-Site Request Forgery to XSS in haotian-liu/llava

A Cross-Site Request Forgery CSRF vulnerability in haotian-liu/llava v1.2.0 LLaVA-1.6 allows an attacker to upload files with malicious content without authentication or user interaction. The uploaded file is stored in a predictable path, enabling the attacker to execute arbitrary JavaScript code...

6.1CVSS0.00079EPSS

Cvelist•added 2025/03/20 10:10 a.m.•5 views

CVE-2024-9107 Stored XSS in gaizhenbiao/chuanhuchatgpt

A stored cross-site scripting XSS vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. The vulnerability arises from improper sanitization of HTML tags in chat history uploads. Specifically, the sanitization logic fails to handle HTML tags within code...

6.8CVSS0.00858EPSS

Vulnrichment•added 2025/03/20 10:9 a.m.•4 views

CVE-2024-9900 Cross-Site Scripting (XSS) in mudler/localai

5.4CVSS5.5AI score0.00229EPSS

CVE•added 2025/03/20 10:9 a.m.•91 views

CVE-2024-9900

LocalAI (github.com/mudler/LocalAI) is affected by a Cross-Site Scripting (XSS) vulnerability in its search functionality. The CVE-2024-9900 entry cites v2.21.1 as vulnerable, due to improper sanitization of user input, enabling injection and execution of arbitrary JavaScript in the victim’s brow...

6.1CVSS5.5AI score0.00229EPSS

Exploits1References2Affected Software1

CVE•added 2025/03/20 10:8 a.m.•39 views

CVE-2024-11441

CVE-2024-11441 affects Serge (open source web interface for chatting via llama.cpp) at version 0.9.0. The issue is a stored XSS caused by improper neutralization of input during web page generation in the chat prompt. An attacker can send a crafted message containing malicious HTML/JavaScript, wh...

6.1CVSS6AI score0.00274EPSS

Positive Technologies•added 2025/03/20 12:0 a.m.•5 views

PT-2025-12295 · Unknown · Mudler/Localai

Name of the Vulnerable Software and Affected Versions: mudler/localai version v2.21.1 mudler/localai versions prior to v2.22.0 Description: The issue arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the executio...

9.8CVSS7.8AI score0.91918EPSS

Exploits23References44

Hacker One•added 2025/03/19 1:55 a.m.•910 views

Autodesk: Reflected XSS Vulnerability in SVG File at area-resources-stg.autodesk.com

A reflected cross-site scripting XSS vulnerability was found on files stored on an Autodesk AREA server. The vulnerability could have allowed an attacker to inject malicious JavaScript code when the files were viewed by users. Autodesk has fixed the vulnerability...

5.7AI score

Exploits0

RedhatCVE•added 2025/03/18 6:28 p.m.•9 views

CVE-2024-48761

Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter...

8.8CVSS6.2AI score0.00523EPSS

Vulnrichment•added 2025/03/18 11:28 a.m.•10 views

CVE-2025-2495 Stored Cross-Site Scripting (XSS) vulnerability in Softdial Contact Center

5.3CVSS5.6AI score0.00168EPSS

Cvelist•added 2025/03/18 11:28 a.m.•15 views

CVE-2025-2495 Stored Cross-Site Scripting (XSS) vulnerability in Softdial Contact Center

5.3CVSS0.00168EPSS