CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5079 matches found

CNNVD•added 2025/06/02 12:0 a.m.•3 views

Gokapi 安全漏洞

Gokapi is a lightweight, self-hosted Firefox sending alternative from Marc Bulling Personal Developer. A security vulnerability exists in Gokapi versions prior to 2.0.0, which stems from a cross-site scripting attack that may result from the injection of JavaScript code when renaming API key...

5.4CVSS6.2AI score0.00117EPSS

Exploits0References4

RedhatCVE•added 2025/06/01 6:35 a.m.•7 views

CVE-2025-48875

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of lastname and firstname during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flesh-message when the data is deleted...

5.4CVSS6.3AI score0.00214EPSS

Exploits1References1

NVD•added 2025/05/30 7:15 a.m.•9 views

CVE-2025-48875

5.4CVSS0.00214EPSS

Exploits1References2

Vulnrichment•added 2025/05/30 6:26 a.m.•4 views

CVE-2025-48875 FreeScout Vulnerable to Stored XSS

4.6CVSS6.2AI score0.00214EPSS

Exploits1References2

Positive Technologies•added 2025/05/30 12:0 a.m.•4 views

PT-2025-23423 · Ibm · Ibm Planning Analytics Local

Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics Local versions 2.0 through 2.1 Description: The issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure...

5.5CVSS6AI score0.00171EPSS

Exploits0References6

Hacker One•added 2025/05/29 11:34 a.m.•5 views

U.S. Dept Of Defense: Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ███████

A Cross-Site Scripting XSS vulnerability was identified in an ASP.NET web application. The issue arose from improper handling of URLs passed to the ResolveUrl method, which failed to sanitize user-controlled input. This allowed injection of arbitrary JavaScript payloads that executed in the conte...

6.2AI score

Exploits0

Hacker One•added 2025/05/29 11:32 a.m.•4 views

U.S. Dept Of Defense: Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ████

A Cross-Site Scripting XSS vulnerability was identified in an ASP.NET web application. The issue was caused by improper handling of URLs passed to the ResolveUrl method, which failed to sanitize user-controlled input. This allowed injection of arbitrary JavaScript payloads that executed in the...

6.2AI score

Exploits0

NVD•added 2025/05/28 6:15 p.m.•11 views

CVE-2025-31501

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink...

7.2CVSS0.00202EPSS

Exploits0References2

NVD•added 2025/05/28 6:15 p.m.•8 views

CVE-2025-31500

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name...

7.2CVSS0.00202EPSS

Exploits0References2

OSV•added 2025/05/28 6:15 p.m.•2 views

CVE-2025-31500

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name...

6.1CVSS6.2AI score

Exploits0References2

OSV•added 2025/05/28 6:15 p.m.•3 views

CVE-2025-31501

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink...

6.1CVSS6.2AI score

Exploits0References2

CNNVD•added 2025/05/28 12:0 a.m.•2 views

Best Practical RT 跨站脚本漏洞

Best Practical RT is a request tracker from Best Practical, Inc. A cross-site scripting vulnerability exists in Best Practical RT versions 5.0 through 5.0.7, which stems from the injection of JavaScript into an asset name and could lead to cross-site scripting...

7.2CVSS5.9AI score0.00202EPSS

Exploits0References4

Cvelist•added 2025/05/28 12:0 a.m.•11 views

CVE-2025-31500

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name...

7.2CVSS0.00202EPSS

Exploits0References2

Vulnrichment•added 2025/05/28 12:0 a.m.•9 views

CVE-2025-31500

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name...

7.2CVSS6.1AI score0.00202EPSS

Exploits0References2

Drupal•added 2025/05/28 12:0 a.m.•18 views

EU Cookie Compliance (GDPR Compliance) - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-072

This module addresses the General Data Protection Regulation GDPR and the EU Directive on Privacy and Electronic Communications. The module doesn't sufficiently verify whether "disabled JavaScript" entries are valid or correspond to actual scripts on the page. As a result, an attacker could injec...

5CVSS7AI score0.00182EPSS

Exploits0References2

Cvelist•added 2025/05/28 12:0 a.m.•12 views

CVE-2025-31501

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink...

7.2CVSS0.00202EPSS

Exploits0References2

CVE•added 2025/05/28 12:0 a.m.•62 views

CVE-2025-31500

CVE-2025-31500 affects Best Practical RT (Request Tracker) 5.0–5.0.7, enabling cross-site scripting via JavaScript injection in an Asset name. The connected documents confirm the vulnerability and reference the RT 5.0.8 release, suggesting upgrading to 5.0.8 as remediation. No explicit exploit de...

7.2CVSS6.2AI score0.00202EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2025/05/28 12:0 a.m.•7 views

CVE-2025-31501

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink...

7.2CVSS6.1AI score0.00202EPSS

Exploits0References2