50 matches found

Snyk
added 2025/08/01 6:31 p.m. · 3 views

Cross-site Scripting (XSS)

Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the layout parameter on the /admin/page/create page. An attacker can execute arbitrary JavaScript in the context of authenticated admin users...

CVSS 6.1 · AI score 5.4 · EPSS 0.00218
Exploits 1 · References 2

Github Security Blog
added 2025/08/01 6:31 p.m. · 7 views

Microweber has Reflected XSS Vulnerability in the layout Parameter

Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...

CVSS 6.1 · AI score 6.1 · EPSS 0.00218
Exploits 1 · References 5 · Affected Software 1

OSV
added 2025/08/01 5:15 p.m. · 3 views

CVE-2025-51502

Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...

CVSS 6.1 · AI score 6.1 · EPSS 0.00218
Exploits 1 · References 3

CNNVD
added 2025/08/01 12:00 a.m. · 2 views

Microweber CMS security vulnerability

Microweber CMS is a drag-and-drop website builder from Microweber Open Source. A security vulnerability exists in Microweber CMS version 2.0, which stems from reflected cross-site scripting in the layout parameter in the /admin/page/create page, which could lead to arbitrary JavaScript execution...

CVSS 6.1 · AI score 6 · EPSS 0.00218
Exploits 1 · References 4

RedhatCVE
added 2025/05/22 9:18 p.m. · 4 views

CVE-2021-32817

express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...

CVSS 6.8 · AI score 6.8 · EPSS 0.00342
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 9:17 p.m. · 5 views

CVE-2021-32820

Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...

CVSS 8.6 · AI score 6.7 · EPSS 0.86122
Exploits 1 · References 1

Positive Technologies
added 2024/07/29 12:00 a.m. · 4 views

PT-2024-37219 · WordPress · Ultimate Classified Listings

Name of the Vulnerable Software and Affected Versions: The Ultimate Classified Listings WordPress plugin versions prior to 1.3 Description: The issue allows unauthenticated users to access PHP files on the server from the listings page due to a lack of validation for the ucl page and layout...

CVSS 7.5 · AI score 7 · EPSS 0.01736
Exploits 1 · References 5

CNNVD
added 2024/07/29 12:00 a.m. · 2 views

WordPress plugin Ultimate Classified Listings security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 7.5 · AI score 6.7 · EPSS 0.01736
Exploits 1 · References 2

OSV
added 2024/07/18 6:15 a.m. · 2 views

CVE-2024-6164

The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the postlayout parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

CVSS 9.8 · AI score 6
Exploits 0 · References 1

Positive Technologies
added 2024/07/18 12:00 a.m. · 3 views

PT-2024-37424 · WordPress · Filter & Grids

Name of the Vulnerable Software and Affected Versions: The Filter & Grids WordPress plugin versions prior to 2.8.33 Description: The issue allows an unauthenticated attacker to include and execute PHP files on the server via the post layout parameter, enabling the execution of any PHP code in tho...

CVSS 9.8 · AI score 7.7 · EPSS 0.05301
Exploits 1 · References 5

Positive Technologies
added 2024/05/10 12:00 a.m. · 3 views

PT-2024-30140 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.6.5 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, specifically via the layout html parameter...

CVSS 6.4 · AI score 6.1 · EPSS 0.00196
Exploits 0 · References 4

OSV
added 2024/03/06 10:52 a.m. · 15 views

BIT-HANDLEBARS-2021-32820 File disclosure in Express Handlebars

Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...

CVSS 8.6 · AI score 8.5 · EPSS 0.86122
Exploits 1 · References 6

Positive Technologies
added 2023/07/08 12:00 a.m. · 2 views

PT-2023-25225 · Unknown · Gz Scripts Php Vacation Rental Script

Name of the Vulnerable Software and Affected Versions: GZ Scripts PHP Vacation Rental Script version 1.8 Description: A problematic issue has been found, affecting an unknown part of the file /preview.php. The manipulation of the page, layout, sort by, and property id arguments leads to cross-sit...

CVSS 6.1 · AI score 4.3 · EPSS 0.00283
Exploits 0 · References 4

OSV
added 2022/02/10 11:35 p.m. · 1 view

GHSA-FR76-2WP8-FP92 Insecure template handling in Express-handlebars

Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...

CVSS 8.6 · AI score 5.8 · EPSS 0.86122
Exploits 1 · References 7

OSV
added 2021/05/17 8:58 p.m. · 4 views

GHSA-RWXP-HWWF-653V Insecure template handling in express-hbs

express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...

CVSS 5.4 · AI score 6.6 · EPSS 0.00342
Exploits 1 · References 6

Cvelist
added 2021/05/14 6:25 p.m. · 22 views

CVE-2021-32820 File disclosure in Express Handlebars

Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...

AI score 8.7 · EPSS 0.86122
Exploits 1 · References 5

Cvelist
added 2021/05/14 6:15 p.m. · 9 views

CVE-2021-32817 File disclosure in express-hbs

express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...

CVSS 5.4 · AI score 6.9 · EPSS 0.00342
Exploits 1 · References 4

CNNVD
added 2021/05/14 12:00 a.m. · 3 views

handlebars code injection vulnerability

handlebars is a semanticized web template system. A code injection vulnerability exists in Express-handlebars, where a layout parameter may trigger a file disclosure vulnerability in a downstream application...

CVSS 8.6 · AI score 7.3 · EPSS 0.86122
Exploits 1 · References 8

Positive Technologies
added 2021/05/14 12:00 a.m. · 1 view

PT-2021-19954 · Unknown · Express-Handlebars

Name of the Vulnerable Software and Affected Versions: Express-handlebars affected versions not specified Description: The layout parameter in Express-handlebars may trigger file disclosure vulnerabilities in downstream applications, allowing inclusion of files with existing extensions. Files...

CVSS 8.6 · AI score 8.3 · EPSS 0.86122
Exploits 1 · References 11

CNVD
added 2020/03/10 12:00 a.m. · 1 view

ThemeREX Addons Remote Code Execution Vulnerability

WordPress plugin ThemeREX Addons is a plugin that works with various ThemeREX themes, featuring several theme enhancements and widgets that extend the functionality of the theme in question. A remote code execution vulnerability exists in versions of ThemeREX Addons prior to 2020-03-09. The...

CVSS 9.8 · AI score 8 · EPSS 0.6663
Exploits 2 · References 1