CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

5.1CVSS5.9AI score0.00101EPSS

ATutor 跨站脚本漏洞

ATutor is a set of open-source web-based Learning Content Management Systems LCMS developed by the Atutor team. This system includes modules for teaching content management, forums, chat rooms, etc. Version 2.2.4 of ATutor has a cross-site scripting vulnerability. This vulnerability stems from th...

CNNVD•added 2026/05/11 12:0 a.m.•6 views

GROWI 路径遍历漏洞

GROWI is an enterprise-level open-source knowledge base/Wiki system built using Node.js and React by GROWI Inc. GROWI versions 7.5.0 and earlier have a path traversal vulnerability. This vulnerability allows attackers to execute arbitrary EJS templates on the server...

8.6CVSS7.3AI score0.00061EPSS

CVE•added 2026/05/11 12:0 a.m.•4 views

CVE-2025-61308

CVE-2025-61308 describes a reflected XSS in the dfm-menu_maintenance.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c. The underlying issue is an unfiltered variable value that allows attackers to inject arbitrary JavaScript, executed in a user’s browser context. The CVSS 3....

6.1CVSS6AI score0.00031EPSS

Cvelist•added 2026/05/11 12:0 a.m.•30 views

CVE-2025-61314

A reflected cross-site scripted XSS vulnerability in the dfm-menuorderopt.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

0.00031EPSS

Packet Storm•added 2026/05/11 12:0 a.m.•46 views

📄 Car Rental Script 4.0 Cross Site Scripting

Car Rental Script version 4.0 suffers from a cross site scripting vulnerability. Titles: Car-Rental-Script4.0-XSS-Reflected Cross-site scripting reflected Author: nu11secur1ty Date: 05/08/2026 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/car-rental-script/ Reference:...

5.3AI score

Exploits0

Positive Technologies•added 2026/05/11 12:0 a.m.•7 views

PT-2026-39606

A reflected cross-site scripted XSS vulnerability in the dfm-menu departments.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

6AI score0.00031EPSS

Exploits0References4

7.3CVSS5.9AI score0.00031EPSS

docuForm FSM Server 跨站脚本漏洞

The docuForm FSM Server is a server-side system developed by the German company docuForm, designed for enterprise document processing and form workflow management. The version 11.11c of the docuForm FSM Server contains a cross-site scripting vulnerability. This vulnerability originates from the...

Positive Technologies•added 2026/05/11 12:0 a.m.•12 views

PT-2026-39880

Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions prior to 2.28.2 Description Flawed logic in the Update Issue page 'bug update page.php' causes improper escaping of textarea custom field contents. This allows an authenticated user with low-privilege bug...

5.4CVSS6.2AI score0.00033EPSS

Exploits0References6

6.1CVSS5.9AI score0.00017EPSS

WWBN AVideo 跨站脚本漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of escaping of user input in the plugin/Meet/iframe.php file, which could allo...

6.9CVSS5.7AI score0.00023EPSS

Grav 跨站脚本漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained a cross-site scripting vulnerability. This...

Exploits1References1

Positive Technologies•added 2026/05/11 12:0 a.m.•5 views

PT-2026-39590

Name of the Vulnerable Software and Affected Versions ATutor version 2.2.4 Description A Reflected Cross-Site Scripting XSS issue exists in the '/install/upgrade.php' endpoint. This allows an attacker to execute arbitrary JavaScript in a victim's browser by providing a specially crafted URL...

5.1CVSS6AI score0.00101EPSS

Exploits0References7

Positive Technologies•added 2026/05/11 12:0 a.m.•6 views

PT-2026-39723

An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through versions before 3.92.0. Th...

5.1CVSS6AI score0.00052EPSS

CVE•added 2026/05/11 12:0 a.m.•8 views

CVE-2025-61312

CVE-2025-61312 is a reflected XSS in the acc-menu_pricess.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c. The vulnerability arises from unfiltered input in a variable value, allowing an attacker to inject arbitrary Javascript to be executed in a user’s browser. Connected d...

7.3CVSS6AI score0.00031EPSS

CNNVD•added 2026/05/11 12:0 a.m.•4 views

Sonatype Nexus Repository 跨站脚本漏洞

Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software, etc. Versions of Sonatype Nexus Repository from 3.6.0 to 3.92.0 contained a cross-site scripting vulnerability. This...

5.1CVSS5.8AI score0.00052EPSS

6.1CVSS5.9AI score0.00031EPSS

docuForm FSM Server 跨站脚本漏洞

CNNVD•added 2026/05/11 12:0 a.m.•3 views

docuForm FSM Server 跨站脚本漏洞

6.1CVSS5.9AI score0.00031EPSS

Cvelist•added 2026/05/11 12:0 a.m.•28 views

CVE-2025-61306

A reflected cross-site scripted XSS vulnerability in the dfm-menucoveragealerts.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable valu...

0.00031EPSS