CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2025/04/02 12:0 a.m.•14 views

CVE-2025-30090

mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true...

7.2CVSS0.00232EPSS

CNNVD•added 2025/04/02 12:0 a.m.•4 views

Zabbix 跨站脚本漏洞

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. A cross-site scripting vulnerability exists in Zabbix that originates in cross-site scripting and could result in a JavaScript payload...

7.5CVSS7.3AI score0.00327EPSS

RedhatCVE•added 2025/03/22 1:14 p.m.•10 views

CVE-2024-12870

A stored cross-site scripting XSS vulnerability exists in infiniflow/ragflow, affecting the latest commit on the main branch cec2080. The vulnerability allows an attacker to upload HTML/XML files that can host arbitrary JavaScript payloads. These files are served with the 'application/xml' conten...

5.4CVSS5.8AI score0.00454EPSS

RedhatCVE•added 2025/03/22 11:54 a.m.•6 views

CVE-2024-9699

A vulnerability in the file upload functionality of the FlatPress CMS admin panel version latest allows an attacker to upload a file with a JavaScript payload disguised as a filename. This can lead to a Cross-Site Scripting XSS attack if the uploaded file is accessed by other users. The issue is...

7.5CVSS5.8AI score0.00323EPSS

NVD•added 2025/03/20 10:15 a.m.•14 views

CVE-2024-9699

7.5CVSS0.00323EPSS

Vulnrichment•added 2025/03/20 10:9 a.m.•7 views

CVE-2024-9699 Cross-Site Scripting (XSS) in flatpressblog/flatpress

7.5CVSS6.8AI score0.00323EPSS

CVE•added 2025/03/20 10:9 a.m.•49 views

CVE-2024-9699

CVE-2024-9699 affects FlatPress CMS: the file-upload feature in the admin panel allows a JavaScript payload masquerading as a filename, enabling Cross-Site Scripting when the uploaded file is accessed. The issue is described for the default/“latest” release and is stated to be fixed in version 1....

7.5CVSS6.7AI score0.00323EPSS

Exploits0References2Affected Software1

CNNVD•added 2025/03/20 12:0 a.m.•3 views

FlatPress 跨站脚本漏洞

FlatPress is a lightweight, easy-to-setup flat file blogging engine from the FlatPress open source. A cross-site scripting vulnerability exists in FlatPress, which stems from a JavaScript payload masquerading as a filename in the file upload function, which could lead to a cross-site scripting...

7.5CVSS7.2AI score0.00323EPSS

RedhatCVE•added 2025/03/13 6:4 p.m.•4 views

CVE-2025-26659

SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to DOM-basedCross-Site Scripting XSS vulnerability. This allows an attacker with no privileges, to craft a malicious web message that exploits WEBGUI functionality. On successful exploitation, the...

6.1CVSS5.9AI score0.00221EPSS

Cvelist•added 2025/03/11 12:36 a.m.•8 views

CVE-2025-26659 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)

6.1CVSS0.00221EPSS

NVD•added 2025/02/11 1:15 a.m.•6 views

CVE-2025-0054

SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. The application allows attackers with basic user privileges to store a Javascript payload on the server, which could be later executed in the victim's web...

5.4CVSS0.00253EPSS

Vulnrichment•added 2025/02/11 12:32 a.m.•9 views

CVE-2025-0054 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java

5.4CVSS5AI score0.00253EPSS

CVE•added 2025/02/11 12:32 a.m.•58 views

CVE-2025-0054

CVE-2025-0054 describes a stored cross-site scripting vulnerability in SAP NetWeaver Application Server Java caused by insufficient input handling. Attackers with basic user privileges can store a JavaScript payload on the server, which may be executed in other users’ browsers when affected pages...

5.4CVSS5AI score0.00253EPSS

Cvelist•added 2025/02/11 12:32 a.m.•12 views

CVE-2025-0054 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java

5.4CVSS0.00253EPSS

NVD•added 2025/02/10 1:15 p.m.•4 views

CVE-2025-1175

Reflected Cross-Site Scripting XSS vulnerability in Kelio Visio 1, Kelio Visio X7 and Kelio Visio X4, in versions between 3.2C and 5.1K. This vulnerability could allow an attacker to execute a JavaScript payload by making a POST request and injecting malicious code into the editable ‘username’...

6.1CVSS0.00283EPSS

CVE•added 2025/02/10 12:42 p.m.•53 views

CVE-2025-1175

The vulnerability CVE-2025-1175 is a Reflected Cross-Site Scripting (XSS) in Kelio Visio 1, Kelio Visio X7, and Kelio Visio X4, affecting versions 3.2C through 5.1K. The issue occurs in the editable ‘username’ parameter of the endpoint "/PageLoginVisio.do" and can be triggered by a POST request t...

6.1CVSS6AI score0.00283EPSS

Vulnrichment•added 2025/02/10 12:42 p.m.•4 views

CVE-2025-1175 Cross-Site Scripting (XSS) vulnerability in Kelio Visio

6.1CVSS6AI score0.00283EPSS

RedhatCVE•added 2025/02/08 2:25 p.m.•4 views

CVE-2025-1076

A Stored Cross-Site Scripting Stored XSS vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality...

4.8CVSS5.9AI score0.00206EPSS

Exploits0References3

NVD•added 2025/02/06 2:15 p.m.•22 views

CVE-2025-1076

4.8CVSS0.00206EPSS