CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

32426 matches found

GithubExploit•added 2026/05/28 8:57 a.m.•66 views

portswigger-xss-labs

PortSwigger Web Security Academy — XSS Labs All 30 Completed...

5.8AI score

Exploits0

Cvelist•added 2026/05/28 8:25 a.m.•29 views

CVE-2024-47097 Reflected Cross-Site Scripting in Follet School Solutions Destiny

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...

5.1CVSS0.00319EPSS

Exploits0References1

Vulnrichment•added 2026/05/28 8:25 a.m.•9 views

CVE-2024-47097 Reflected Cross-Site Scripting in Follet School Solutions Destiny

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...

5.1CVSS6AI score0.00319EPSS

Exploits0References1

CVE•added 2026/05/28 8:25 a.m.•15 views

CVE-2024-47097

Follet Destiny (Destiny Library Manager) by Follett School Solutions is affected by CVE-2024-47097. The vulnerability is a reflected Cross-Site Scripting (XSS) in which a remote attacker can run arbitrary client-side code via the site parameter of handleloginform.do, affecting versions before 22....

5.1CVSS6AI score0.00319EPSS

Exploits0References1

Vulnrichment•added 2026/05/28 8:25 a.m.•8 views

CVE-2024-47096 Reflected Cross-Site Scripting in Follet School Solutions Destiny

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the showSupportExpiredMessage parameter of handleloginform.do...

5.1CVSS6AI score0.00319EPSS

Exploits0References1

CVE•added 2026/05/28 6:45 a.m.•16 views

CVE-2026-7660

The CVE concerns the Easy Updates Manager WordPress plugin (up to version 9.0.20). It is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter due to insufficient input sanitization and output escaping in the pagination() function, enabling injected scripts to run in pages when a...

6.1CVSS6AI score0.00205EPSS

Exploits0References7

Vulnrichment•added 2026/05/28 6:45 a.m.•8 views

CVE-2026-7660 Easy Updates Manager <= 9.0.20 - Reflected Cross-Site Scripting via 'paged' Parameter

The Easy Updates Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter in versions up to, and including, 9.0.20 This is due to insufficient input sanitization and output escaping in the pagination function. This makes it possible for attackers to...

6.1CVSS6AI score0.00205EPSS

Exploits0References7

EUVD•added 2026/05/28 6:45 a.m.•8 views

EUVD-2026-32737

6.1CVSS6AI score0.00205EPSS

Exploits0References7

Packet Storm•added 2026/05/28 12:0 a.m.•65 views

📄 WebFileSys 2.31.1 Cross Site Scripting

WebFileSys version 2.31.1 suffers from multiple cross site scripting vulnerabilities. CVE-2026-29971 An attacker can execute arbitrary JavaScript in the victim's browser, potentially leading to session hijacking or privilege escalation. CVE-2026-29971 Vulnerability Reflected Cross-Site Scripting...

6.1CVSS5.3AI score0.00299EPSS

Exploits3

NVD•added 2026/05/27 11:16 a.m.•15 views

CVE-2026-42754

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in phbernard Favicon favicon-by-realfavicongenerator allows Reflected XSS.This issue affects Favicon: from n/a through = 1.3.46...

7.1CVSS0.00203EPSS

Exploits0References1

NVD•added 2026/05/27 11:16 a.m.•12 views

CVE-2026-42734

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows Reflected XSS.This issue affects Geo Mashup: from n/a through = 1.13.19...

7.1CVSS0.0018EPSS

Exploits0References1

NVD•added 2026/05/27 11:16 a.m.•7 views

CVE-2026-3349

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

6.1CVSS0.00256EPSS

Exploits0References3

Vulnrichment•added 2026/05/27 9:49 a.m.•11 views

CVE-2026-42754 WordPress Favicon plugin <= 1.3.46 - Cross Site Scripting (XSS) vulnerability

7.1CVSS5.8AI score0.00203EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 9:49 a.m.•8 views

CVE-2026-42734 WordPress Geo Mashup plugin <= 1.13.19 - Cross Site Scripting (XSS) vulnerability

7.1CVSS5.8AI score0.0018EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 9:49 a.m.•10 views

CVE-2026-42734

7.1CVSS5.8AI score0.0018EPSS

Exploits0References2

Cvelist•added 2026/05/27 9:49 a.m.•29 views

CVE-2026-42734 WordPress Geo Mashup plugin <= 1.13.19 - Cross Site Scripting (XSS) vulnerability

7.1CVSS0.0018EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 9:27 a.m.•7 views

CVE-2026-3349

6.1CVSS6AI score0.00256EPSS

Exploits0References4

Vulnrichment•added 2026/05/27 9:27 a.m.•10 views

CVE-2026-3349 MinhNhut Link Gateway <= 3.6.1 - Reflected Cross-Site Scripting via 'url' Parameter

6.1CVSS6AI score0.00256EPSS

Exploits0References3

CVE•added 2026/05/27 9:27 a.m.•16 views

CVE-2026-3349

The CVE describes a vulnerability in the MinhNhut Link Gateway plugin for WordPress: a Reflected Cross-Site Scripting issue exploitable via the url parameter on the redirect page, affecting all versions up to and including 3.6.1. The root cause is insufficient input sanitization and output escapi...

6.1CVSS6AI score0.00256EPSS

Exploits0References3

NVD•added 2026/05/27 9:16 a.m.•11 views

CVE-2025-52747

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jthemes Themebox - Digital Products Ecommerce allows Reflected XSS. This issue affects Themebox - Digital Products Ecommerce: from n/a through 1.4.2...

7.1CVSS0.0018EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by