532 matches found

Cvelist | added 3 days ago | 32 views

CVE-2026-7299

Appsmith’s SQL query editor autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS via malicious table or column names, triggering arbitrary code execution in the sessions of other...

CVSS 6.3 | EPSS 0.00041 | Exploits 2 | References 5

Vulnrichment | added 2026/05/27 5:4 p.m. | 8 views

CVE-2026-46426 Budibase: Unrestricted Upload of File with Dangerous Type

Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...

CVSS 7.6 | AI score 5.8 | EPSS 0.00033 | Exploits 0 | References 2

Cvelist | added 2026/05/16 3:25 p.m. | 31 views

CVE-2020-37233 WordPress Plugin Buddypress 6.2.0 Persistent Cross-Site Scripting

WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like...

CVSS 6.4 | EPSS 0.00032 | Exploits 0 | References 3

EUVD | added 2026/05/16 3:25 p.m. | 4 views

EUVD-2020-31235

WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like...

CVSS 6.4 | AI score 5.8 | EPSS 0.00032 | Exploits 0 | References 3

CVE | added 2026/05/15 6:36 p.m. | 8 views

CVE-2021-47963

CVE-2021-47963 affects Anote 1.0 and describes a persistent cross-site scripting vulnerability in which attackers can inject malicious payloads into markdown files stored by the application. When a crafted markdown file containing embedded JavaScript is opened, it can execute system commands on t...

CVSS 7.2 | AI score 6.5 | EPSS 0.00027 | Exploits 0 | References 3

Vulnrichment | added 2026/05/15 6:36 p.m. | 6 views

CVE-2021-47962 Savsoft Quiz 5.0 Persistent Cross-Site Scripting via User Settings

Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edituser endpoint, which execute in th...

CVSS 6.4 | AI score 5.7 | EPSS 0.00034 | Exploits 0 | References 4

NVD | added 2026/05/13 4:16 p.m. | 7 views

CVE-2020-37222

Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...

CVSS 7.2 | EPSS 0.001 | Exploits 0 | References 4

CVE | added 2026/05/13 2:22 p.m. | 8 views

CVE-2020-37225

Powie’s WHOIS Domain Check 0.9.31 has a persistent cross-site scripting (XSS) vulnerability in pwhois_settings.php, exploitable by authenticated attackers via unsanitized input in plugin settings (textarea/input fields). This can execute JavaScript in the admin context and may enable privilege es...

CVSS 6.4 | AI score 5.9 | EPSS 0.00036 | Exploits 0 | References 5

Cvelist | added 2026/05/13 2:22 p.m. | 24 views

CVE-2020-37225 Powie's WHOIS Domain Check 0.9.31 Persistent Cross-Site Scripting

Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in plugin settings. Attackers can submit malicious payloads through textarea and input elements in t...

CVSS 6.4 | EPSS 0.00036 | Exploits 0 | References 5

Vulnrichment | added 2026/05/13 2:22 p.m. | 6 views

CVE-2020-37222 Kuicms Php EE 2.0 Persistent Cross-Site Scripting via bbs reply

Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...

CVSS 7.2 | AI score 5.9 | EPSS 0.001 | Exploits 0 | References 4

Cvelist | added 2026/05/10 12:52 p.m. | 26 views

CVE-2021-47950 Advanced Guestbook 2.4.4 Persistent XSS via Smilies

Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulating the semotion parameter. Attackers can submit POST requests to admin.php with JavaScript code in...

CVSS 6.4 | EPSS 0.00032 | Exploits 0 | References 3

Vulnrichment | added 2026/04/29 7:24 p.m. | 0 views

CVE-2018-25309 MyBB Recent threads 17.0 Persistent Cross-Site Scripting

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browser...

CVSS 7.2 | AI score 5.3 | EPSS 0.00028 | Exploits 1 | References 3

NVD | added 2026/04/04 2:16 p.m. | 2 views

CVE-2018-25248

MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inject malicious scripts through the download title field. Attackers can submit a new download with HTML/JavaScript code in the title parameter, which executes when administrators...

CVSS 7.2 | EPSS 0.00031 | Exploits 1 | References 3

Vulnrichment | added 2026/03/15 6:34 p.m. | 0 views

CVE-2015-20113 RealtyScript 4.0.2 Multiple Cross-Site Request Forgery and Persistent Cross-Site Scripting Vulnerabilities

Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and persistent cross-site scripting vulnerabilities that allow attackers to perform administrative actions and inject malicious scripts. Attackers can craft malicious web pages that execute unauthorized actions when...

CVSS 6.9 | AI score 5.7 | EPSS 0.00039 | Exploits 2 | References 3

CVE | added 2026/03/15 6:34 p.m. | 5 views

CVE-2013-20006

Qool CMS (notably version 2.0 RC2 per ZSL report) contains multiple persistent cross-site scripting vulnerabilities in administrative scripts. POST parameters such as title, name, email, username, link, and task are not properly sanitized before storage and return, allowing injected JavaScript to...

CVSS 8.7 | AI score 5.9 | EPSS 0.00069 | Exploits 1 | References 3

OSV | added 2026/02/11 3:30 p.m. | 2 views

GHSA-9278-6HCJ-2P4J Kimai 2 vulnerable to persistent cross-site scripting in the timesheet descriptions

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users...

CVSS 6.4 | AI score 5.5 | EPSS 0.0001 | Exploits 1 | References 7

NVD | added 2026/02/06 5:16 p.m. | 2 views

CVE-2019-25294

html5snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in addrouteroperation.php. Attackers can craft a POST request with a script payload in the Remark field to execute arbitrary JavaScript in victi...

CVSS 6.1 | EPSS 0.00033 | Exploits 1 | References 3

CVE | added 2026/02/06 4:41 p.m. | 7 views

CVE-2019-25294

The vulnerability (CVE-2019-25294) affects html5_snmp 1.11. A persistent cross-site scripting flaw exists in add_router_operation.php via the Remark parameter. An attacker can send a crafted POST request containing a script payload in Remark, causing arbitrary JavaScript to execute in a victim’s ...

CVSS 6.4 | AI score 5.4 | EPSS 0.00033 | Exploits 1 | References 3 | Affected Software 1

Cvelist | added 2026/02/03 10:9 p.m. | 22 views

CVE-2020-37087 Easy Transfer 1.7 for iOS - Persistent Cross-Site Scripting

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input...

CVSS 5.1 | EPSS 0.00226 | Exploits 0 | References 4

Cvelist | added 2026/02/03 4:52 p.m. | 28 views

CVE-2020-37103 DotNetNuke 9.5 - Persistent Cross-Site Scripting

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

CVSS 6.4 | EPSS 0.00061 | Exploits 1 | References 4