Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

46 matches found

EUVD
EUVDadded 5 days ago9 views

EUVD-2026-33268

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

4.8CVSS5.8AI score0.00033EPSS
Exploits0References2
Cvelist
Cvelistadded 5 days ago23 views

CVE-2026-10057 ITP Technology|ITS Intelligent SCADA System - Stored Cross-Site Scripting

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

4.8CVSS0.00033EPSS
Exploits0References2
EUVD
EUVDadded 5 days ago9 views

EUVD-2026-33267

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

4.8CVSS5.8AI score0.00033EPSS
Exploits0References2
CVE
CVEadded 5 days ago6 views

CVE-2026-10057

CVE-2026-10057 affects the ITS Intelligent SCADA System from ITP Technology. The vulnerability is a Stored Cross-Site Scripting (XSS) issue that lets privileged remote attackers inject persistent JavaScript that runs in users’ browsers when a page loads. The available documents confirm the affect...

4.8CVSS5.8AI score0.00033EPSS
Exploits0References2
CNNVD
CNNVDadded 5 days ago3 views

ITP ITS Intelligent SCADA System 跨站脚本漏洞

ITP ITS Intelligent SCADA System is an industrial automation monitoring and data acquisition platform developed by ITP, a company from Taiwan, China. The ITP ITS Intelligent SCADA System has a cross-site scripting vulnerability, which stems from stored-xss scripts. This vulnerability may allow...

4.8CVSS5.7AI score0.00033EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 5 days ago4 views

PT-2026-44763

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

4.8CVSS5.8AI score0.00033EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/20 12:0 a.m.6 views

PT-2026-42264

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields...

8.4CVSS5.9AI score0.00046EPSS
Exploits0References3
NVD
NVDadded 2026/04/01 10:16 p.m.2 views

CVE-2026-34571

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting Stored XSS vulnerability exists in the backend user management functionality. The application fail...

9.9CVSS0.00061EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/04/01 8:41 p.m.2 views

CVE-2026-34530 File Browser is vulnerable to Stored Cross-Site Scripting via text/template branding injection

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the SPA index page in File Browser is vulnerable to Stored Cross-Site Scripting XSS via admin-controlled branding fields. An admin who...

6.9CVSS5.8AI score0.0003EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/02/28 9:47 p.m.2 views

CVE-2026-28561

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...

5.5CVSS5.8AI score0.00044EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologiesadded 2026/02/28 12:0 a.m.5 views

PT-2026-22482

Name of the Vulnerable Software and Affected Versions wpForo Forum version 2.4.14 Description The software contains a stored cross-site scripting issue. This allows administrators to inject persistent JavaScript through forum description fields. The injected script executes when any user views th...

5.5CVSS5.8AI score0.00044EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2026/02/20 12:0 a.m.3 views

PT-2026-21341

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 21.0 AVideo version 18.0 Description AVideo allows Markdown in video comments and uses Parsedown v1.7.4 without Safe Mode enabled. Markdown links are not sufficiently sanitized, allowing javascript: URIs to be rendered...

5.1CVSS5.3AI score0.00013EPSS
Exploits0References11
RedhatCVE
RedhatCVEadded 2026/02/11 7:30 a.m.1 views

CVE-2026-2099

AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

5.4CVSS5.5AI score0.00053EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/02/10 7:9 a.m.3 views

CVE-2026-2099 Flowring|AgentFlow - Stored Cross-Site Scripting

AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

5.4CVSS5.5AI score0.00053EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/02/10 12:0 a.m.3 views

PT-2026-7239

AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

5.4CVSS5.5AI score0.00053EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/02/10 12:0 a.m.2 views

Flowring Agentflow 跨站脚本漏洞

Flowring Agentflow is an intelligent process automation RPA platform developed by Flowring Corporation in China. Flowring Agentflow has a cross-site scripting vulnerability. This vulnerability stems from stored-xss scripts, which may allow authenticated remote attackers to inject persistent...

5.4CVSS5.7AI score0.00053EPSS
Exploits0References2
EUVD
EUVDadded 2026/02/04 12:0 a.m.1 views

EUVD-2025-206812

A stored cross-site scripting XSS vulnerability exists in the web management interface of the PPC Belden ONT 2K05X router running firmware v1.1.9206L. The Common Gateway Interface CGI component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary...

6.1CVSS5.2AI score0.00004EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/01/09 10:54 a.m.7 views

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

5.4CVSS6.8AI score0.00221EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/01/09 10:53 a.m.4 views

CVE-2022-23045

PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent JavaScript code inside the "Site title" parameter while updating the site settings. The "Site title" setting is injected in several locations which triggers the XSS...

4.8CVSS6.6AI score0.00328EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/12/24 7:36 p.m.2 views

CVE-2021-47732

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

6.1CVSS6AI score0.0001EPSS
Exploits1References1
Rows per page
Query Builder