CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2179 matches found

OSV•added 2025/07/31 4:15 p.m.•3 views

CVE-2025-52203

A stored cross-site scripting XSS vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious JavaScript payloads into this field, which are...

7.6CVSS5AI score0.00305EPSS

Exploits2References2

Positive Technologies•added 2025/07/31 12:0 a.m.•4 views

PT-2025-31555 · Unknown · Devaslanphp Project-Management

Name of the Vulnerable Software and Affected Versions: DevaslanPHP project-management version 1.2.4 Description: A stored cross-site scripting XSS issue exists in DevaslanPHP project-management version 1.2.4. The vulnerability is located in the Ticket Name field, which does not properly sanitize...

7.6CVSS5.5AI score0.00305EPSS

Exploits2References6

RedhatCVE•added 2025/07/30 9:31 a.m.•15 views

CVE-2025-27802

The Episerver Content Management System CMS by Optimizely was affected by multiple Stored Cross-Site Scripting XSS vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. RTE properties text fields, which could be used in the "Edit"...

4.8CVSS5.9AI score0.00313EPSS

Exploits1References1

CNVD•added 2025/07/30 12:0 a.m.•3 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-18564)

Adobe Experience Manager is an application developed by Adobe for creating, organizing and publishing digital content. It helps organizations manage their websites, mobile applications and other digital experiences more easily through an integrated interface. Users can utilize different tools and...

5.4CVSS6.5AI score0.00264EPSS

Exploits0References1

NVD•added 2025/07/28 9:15 a.m.•5 views

CVE-2025-27801

The Episerver Content Management System CMS by Optimizely was affected by multiple Stored Cross-Site Scripting XSS vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. ContentReference properties, which could be used in the "Edit"...

4.8CVSS0.00334EPSS

Exploits1References4

CVE•added 2025/07/28 8:47 a.m.•15 views

CVE-2025-27802

CVE-2025-27802: Stored XSS in Optimizely Episerver CMS (EPiServer.CMS.Core/UI) via Rich Text Editor fields in the Edit/Preview flow. An authenticated user with WebEditor role could inject JavaScript that runs when a page is previewed. Affected: Episerver CMS 11.x (<11.21.4 core with UI <11....

4.8CVSS5.4AI score0.00313EPSS

Exploits1References4

Cvelist•added 2025/07/28 8:47 a.m.•8 views

CVE-2025-27802 Stored Cross-Site Scripting in Episerver Content Management System (CMS) Edit Preview

4.8CVSS0.00313EPSS

Exploits1References3

Vulnrichment•added 2025/07/28 8:47 a.m.•2 views

CVE-2025-27802 Stored Cross-Site Scripting in Episerver Content Management System (CMS) Edit Preview

4.8CVSS5.4AI score0.00313EPSS

Exploits1References3

Cvelist•added 2025/07/28 8:40 a.m.•8 views

CVE-2025-27801 Stored Cross-Site Scripting in Episerver Content Management System (CMS) Media Selection Preview

The Episerver Content Management System CMS by Optimizely was affected by multiple Stored Cross-Site Scripting XSS vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. ContentReference properties, which could be used in the "Edit"...

4.8CVSS0.00334EPSS

Exploits1References3

Vulnrichment•added 2025/07/28 8:40 a.m.•3 views

CVE-2025-27801 Stored Cross-Site Scripting in Episerver Content Management System (CMS) Media Selection Preview

The Episerver Content Management System CMS by Optimizely was affected by multiple Stored Cross-Site Scripting XSS vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. ContentReference properties, which could be used in the "Edit"...

4.8CVSS5.4AI score0.00334EPSS

Exploits1References3

Cvelist•added 2025/07/28 8:33 a.m.•9 views

CVE-2025-27800 Stored Cross-Site Scripting in Episerver Content Management System (CMS) Admin Dashboard

The Episerver Content Management System CMS by Optimizely was affected by multiple Stored Cross-Site Scripting XSS vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. The Admin dashboard offered the functionality to add gadgets to...

4.8CVSS0.00346EPSS

Exploits1References3

CVE•added 2025/07/28 8:33 a.m.•15 views

CVE-2025-27800

CVE-2025-27800 corresponds to multiple stored XSS flaws in Optimizely Episerver CMS (EPiServer.CMS.Core/UI) affecting 11.x (<11.21.4 core and <11.37.5 UI) and 12.x (<12.22.1 core and

4.8CVSS5.4AI score0.00346EPSS

Exploits1References4

CNNVD•added 2025/07/28 12:0 a.m.•1 views

Optimizely Episerver Content Management System 安全漏洞

Optimizely Episerver Content Management System is an enterprise-class content management system from Optimizely, Inc. A security vulnerability exists in the Optimizely Episerver Content Management System that stems from stored cross-site scripting that allows an authenticated attacker to execute...

4.8CVSS5.9AI score0.00313EPSS

Exploits1References3

CNNVD•added 2025/07/28 12:0 a.m.•2 views

Optimizely Episerver Content Management System 安全漏洞

4.8CVSS5.9AI score0.00334EPSS

Exploits1References3

CNNVD•added 2025/07/28 12:0 a.m.•1 views

Optimizely Episerver Content Management System 安全漏洞

4.8CVSS5.9AI score0.00346EPSS

Exploits1References3

RedhatCVE•added 2025/07/27 12:19 a.m.•8 views

CVE-2025-45892

OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting XSS attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code...

6.1CVSS5.8AI score0.00229EPSS

Exploits1References1

RedhatCVE•added 2025/07/26 4:26 p.m.•12 views

CVE-2025-46993

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.5AI score0.00264EPSS

Exploits0References1

NVD•added 2025/07/25 5:15 p.m.•7 views

CVE-2025-45892

6.1CVSS0.00229EPSS

Exploits1References2

CNVD•added 2025/07/25 12:0 a.m.•3 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager is an enterprise-grade content management solution from Adobe designed to help companies efficiently build, manage and deliver multi-channel digital content and personalized experiences. A cross-site scripting vulnerability exists in Adobe Experience Manager, which can be...

5.4CVSS6.4AI score0.00349EPSS

Exploits0References1

Cvelist•added 2025/07/25 12:0 a.m.•12 views

CVE-2025-45892

0.00229EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by