
46 matches found

Cvelist
added 2025/11/12 7:30 a.m., 4 views

CVE-2025-12869 aEnrich|eHRD - Stored Cross-Site Scripting

The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load...

CVSS: 4.8, EPSS: 0.0003
Exploits: 0, References: 2
CVE
added 2025/11/12 7:30 a.m., 6 views

CVE-2025-12869

CVE-2025-12869 affects the a+HRD product by aEnrich. The issue is a Stored Cross-Site Scripting vulnerability that allows remote attackers with administrator privileges to inject persistent JavaScript executed in users’ browsers on page load. Documents consistently describe this as stored XSS in ...

CVSS: 4.8, AI score: 5.5, EPSS: 0.0003
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2025/11/12 12:00 a.m., 3 views

PT-2025-46571

Name of the Vulnerable Software and Affected Versions: a+HRD (affected versions not specified). Description: The software contains a Stored Cross-Site Scripting issue. This allows remote attackers with administrator privileges to inject persistent JavaScript code. This code is executed in users'...

CVSS: 4.8, AI score: 6.1, EPSS: 0.0003
Exploits: 0, References: 5
Hacker One
added 2025/10/30 2:36 a.m., 7 views

Revive Adserver: Stored-XSS in Banner Name field

Version: revive-adserver 6.0.0. Summary: A stored Cross-Site Scripting (XSS) vulnerability exists in the Banner → Name field. An attacker can create or edit a banner with a malicious payload in the Name field; that payload is stored and later executed in the browser of users who were added to th...

CVSS: 5.4, AI score: 5.2, EPSS: 0.00016
Exploits: 1
Veracode
added 2025/10/17 7:30 a.m., 2 views

Stored Cross-Site Scripting (XSS)

decap-cms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization and escaping of user-controlled input fields such as title, description, tags, and body in the admin preview pane, which allows an attacker with low-privilege access to inject...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00018
Exploits: 2, References: 2, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-3608

Malware in sbrugna...

CVSS: 4.3, AI score: 6.2, EPSS: 0.00389
Exploits: 0, References: 8
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2025-32296

Malicious code in bioql PyPI...

CVSS: 5.9, AI score: 6.6, EPSS: 0.00066
Exploits: 1, References: 2
NVD
added 2025/10/03 2:15 p.m., 3 views

CVE-2025-60447

A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators to input HTML code that is not properly sanitized, leading to...

CVSS: 5.9, EPSS: 0.00066
Exploits: 1, References: 1
Cvelist
added 2025/06/02 4:44 p.m., 23 views

CVE-2024-3509 Stored Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products via Rich Text Editor

A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative...

CVSS: 4.3, EPSS: 0.00081
Exploits: 0, References: 1
Vulnrichment
added 2025/06/02 4:44 p.m., 10 views

CVE-2024-3509 Stored Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products via Rich Text Editor

A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative...

CVSS: 4.3, AI score: 4.6, EPSS: 0.00081
Exploits: 0, References: 1
RedhatCVE
added 2025/02/08 6:49 a.m., 6 views

CVE-2024-57428

A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields eventimg, seatmaps and seat number configurations numbernewX in pjActionCreate. Attackers can inject persistent JavaScript, leading to phishing, malware...

CVSS: 9.3, AI score: 5.5, EPSS: 0.02013
Exploits: 4, References: 1
NVD
added 2025/02/06 5:15 p.m., 11 views

CVE-2024-57428

A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields eventimg, seatmaps and seat number configurations numbernewX in pjActionCreate. Attackers can inject persistent JavaScript, leading to phishing, malware...

CVSS: 9.3, EPSS: 0.02013
Exploits: 4, References: 2
Vulnrichment
added 2025/02/06 12:00 a.m., 8 views

CVE-2024-57428

A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields eventimg, seatmaps and seat number configurations numbernewX in pjActionCreate. Attackers can inject persistent JavaScript, leading to phishing, malware...

AI score: 5.6, EPSS: 0.02013
Exploits: 4, References: 2
Packet Storm
added 2023/04/10 12:00 a.m., 276 views

Palo Alto Cortex XSOAR 6.5.0 Cross Site Scripting

Exploit Title: Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)
Exploit Author: omurugur
Vendor Homepage: https://security.paloaltonetworks.com/CVE-2022-0020
Version: 6.5.0 - 6.2.0 - 6.1.0
Tested on: relevant os
CVE: CVE-2022-0020
Author Web: https://www.justsecnow.com
Author Socia...

CVSS: 6.8, AI score: 5.7, EPSS: 0.00999
Exploits: 3
Exploit DB
added 2023/04/08 12:00 a.m., 252 views

Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)
Exploit Author: omurugur
Vendor Homepage: https://security.paloaltonetworks.com/CVE-2022-0020
Version: 6.5.0 - 6.2.0 - 6.1.0
Tested on: relevant os
CVE: CVE-2022-0020
Author Web: https://www.justsecnow.com
Author Socia...

CVSS: 6.8, AI score: 5.7, EPSS: 0.00999
Exploits: 3
NVD
added 2022/03/03 10:15 p.m., 8 views

CVE-2022-25220

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...

CVSS: 4.8, EPSS: 0.00305
Exploits: 1, References: 2
NVD
added 2022/03/03 10:15 p.m., 11 views

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

CVSS: 5.4, EPSS: 0.00221
Exploits: 1, References: 2
Prion
added 2022/03/03 10:15 p.m., 13 views

Code injection

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...

CVSS: 3.5, AI score: 5.1, EPSS: 0.00305
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2022/03/03 9:55 p.m., 10 views

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

AI score: 5.8, EPSS: 0.00221
Exploits: 1, References: 2
CNNVD
added 2022/03/03 12:00 a.m., 2 views

PeTeReport Cross-Site Scripting Vulnerability

PeTeReport is an open source application vulnerability reporting tool designed to assist penetration testing/red team efforts by simplifying the task of report writing and generation. PeTeReport version 0.5 contains a cross-site scripting vulnerability that stems from the software's lack of...

4.8CVSS5.3AI score0.00305EPSS
Exploits1References4