CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

343 matches found

ATTACKERKB•added 2026/01/29 2:28 p.m.•3 views

CVE-2020-37018

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing...

6.4CVSS5.9AI score0.0024EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/01/28 12:0 a.m.•6 views

PT-2026-5104

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

5.1CVSS5.9AI score0.00173EPSS

Exploits0References2

EUVD•added 2026/01/26 5:42 p.m.•3 views

EUVD-2020-30847

Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the pag...

6.4CVSS5.8AI score0.00567EPSS

Exploits0References3

Positive Technologies•added 2026/01/26 12:0 a.m.•3 views

PT-2026-4779

6.4CVSS5.8AI score0.00567EPSS

Exploits0References4

RedhatCVE•added 2026/01/16 9:31 p.m.•5 views

CVE-2021-47839

A flaw was found in Marky. This persistent cross-site scripting XSS vulnerability allows attackers to inject malicious scripts into markdown files. Attackers can upload specially crafted markdown files containing JavaScript code. When these files are opened, the embedded scripts execute,...

7.2CVSS6.4AI score0.00409EPSS

Exploits0References7

NVD•added 2026/01/16 7:16 p.m.•4 views

CVE-2021-47839

Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code executio...

7.2CVSS0.00409EPSS

Exploits0References7

CVE•added 2026/01/16 7:9 p.m.•8 views

CVE-2021-47838

CVE-2021-47838 affects Markright 1.0 with a persistent cross-site scripting vulnerability in markdown handling. Attackers can upload specially crafted markdown files that execute arbitrary JavaScript when opened, potentially enabling remote code execution on the victim’s system. The provided docu...

7.2CVSS7.3AI score0.00409EPSS

Exploits0References4

Positive Technologies•added 2026/01/16 12:0 a.m.•5 views

PT-2026-3292

Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...

7.2CVSS7.4AI score0.00409EPSS

Exploits0References5

Positive Technologies•added 2026/01/16 12:0 a.m.•4 views

PT-2026-3290

Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remot...

7.2CVSS7.4AI score0.00409EPSS

Exploits0References5

Positive Technologies•added 2026/01/16 12:0 a.m.•4 views

PT-2026-3289

Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...

6.4CVSS6.2AI score0.00248EPSS

Exploits0References4

Cvelist•added 2026/01/13 10:52 p.m.•19 views

CVE-2022-50937 Ametys CMS v4.4.1 - Cross Site Scripting (XSS)

Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modul...

6.1CVSS0.00262EPSS

Exploits1References4

Vulnrichment•added 2026/01/13 10:52 p.m.•3 views

CVE-2022-50937 Ametys CMS v4.4.1 - Cross Site Scripting (XSS)

6.1CVSS6.1AI score0.00262EPSS

Exploits1References4

Positive Technologies•added 2026/01/13 12:0 a.m.•6 views

PT-2026-2413

Name of the Vulnerable Software and Affected Versions Ametys CMS version 4.4.1 Description Ametys CMS version 4.4.1 has a persistent cross-site scripting issue in the link directory’s input fields for external links. An attacker can inject malicious script code into the link text and descriptions...

6.1CVSS6.7AI score0.00262EPSS

Exploits1References8

RedhatCVE•added 2026/01/09 10:10 a.m.•7 views

CVE-2019-11318

Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS...

5.4CVSS7AI score0.01106EPSS

Exploits0References1

Positive Technologies•added 2025/12/23 12:0 a.m.•6 views

PT-2025-52838

Name of the Vulnerable Software and Affected Versions CSZ CMS version 1.2.7 Description The software contains a persistent cross-site scripting issue that permits unauthorized users to inject malicious JavaScript into private messages. An attacker can send messages containing script payloads with...

6.4CVSS6AI score0.00249EPSS

Exploits1References6

CNNVD•added 2025/12/18 12:0 a.m.•3 views

CamaleonCMS 跨站脚本漏洞

CamaleonCMS is an advanced RubyonRails-based dynamic content management system CMS from the CamaleonCMS team. A cross-site scripting vulnerability exists in CamaleonCMS version 2.7.4, which stems from a persistent cross-site scripting vulnerability that could lead to the execution of arbitrary...

5.1CVSS6.2AI score0.00205EPSS

Exploits1References3

RedhatCVE•added 2025/12/12 10:17 p.m.•4 views

CVE-2024-58292

XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for...

5.3CVSS5.7AI score0.0036EPSS

Exploits0References1

Github Security Blog•added 2025/11/24 10:13 p.m.•7 views

Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags

Summary Inserting unsanitized data into the blog tag field in Formwork CMS results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controlled script executed in their browser. Because the issue is...

6.5CVSS5.6AI score0.00174EPSS

Exploits1References5Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•8 views

EUVD-2019-5205

Malware in sbrugna...

5.4CVSS5.6AI score0.00521EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2010-5295

Malware in sbrugna...

6.1CVSS6.3AI score0.00836EPSS

Exploits0References3