CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3715 matches found

EUVD•added 2026/01/30 4:16 p.m.•2 views

EUVD-2020-30960

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

6.4CVSS5.9AI score0.00081EPSS

Exploits0References5

ATTACKERKB•added 2026/01/30 4:16 p.m.•2 views

CVE-2020-37014

6.4CVSS5.9AI score0.00081EPSS

Exploits0References5

Cvelist•added 2026/01/28 12:0 a.m.•23 views

CVE-2025-70336

A Stored cross-site scripting XSS vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live...

0.00066EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 12:52 p.m.•3 views

CVE-2014-4017

Cross-site scripting XSS vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php...

4.3CVSS6AI score0.00174EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:50 p.m.•6 views

CVE-2014-4946

Multiple cross-site scripting XSS vulnerabilities in Horde Internet Mail Program IMP before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via 1 unspecified flags or 2 a mailbox name in the dynamic mailbox view...

4.3CVSS5.9AI score0.00475EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:47 p.m.•4 views

CVE-2005-1443

Multiple cross-site scripting XSS vulnerabilities in index.php for Invision Power Board IPB 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the 1 act, 2 Members, 3 calendar, or 4 HID parameters...

6.8CVSS6AI score0.01039EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:47 p.m.•5 views

CVE-2005-1308

SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML...

7.5CVSS6.8AI score0.02941EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:41 p.m.•5 views

CVE-2023-25347

A stored cross-site scripting XSS vulnerability in ChurchCRM 4.5.3, allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php...

5.4CVSS5.4AI score0.00446EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:11 p.m.•4 views

CVE-2018-18674

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/boardformupdate.php bocontenttail parameter...

6.1CVSS6AI score0.00664EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:10 p.m.•4 views

CVE-2018-18678

GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroupformupdate.php gr110 parameter...

6.1CVSS6AI score0.00664EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:9 p.m.•4 views

CVE-2018-18671

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board head contents" parameter, aka the adm/boardformupdate.php bomobilecontenthead parameter...

6.1CVSS6AI score0.00363EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:53 a.m.•3 views

CVE-2009-4039

Cross-site scripting XSS vulnerability in Piwigo before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.9AI score0.0247EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:53 a.m.•2 views

CVE-2009-4398

Cross-site scripting XSS vulnerability in the Parish of the Holy Spirit Religious Art Gallery hsreligiousartgallery extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.00263EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:53 a.m.•3 views

CVE-2009-4839

Multiple cross-site scripting XSS vulnerabilities in Basic Analysis and Security Engine BASE, possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 admin/baseroleadmin.php, 2 admin/baseuseradmin.php, 3 baseconfcontents.php, 4...

4.3CVSS6AI score0.00329EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:52 a.m.•7 views

CVE-2009-4518

Cross-site scripting XSS vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node...

4.3CVSS6AI score0.00319EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:52 a.m.•3 views

CVE-2009-4859

Multiple cross-site scripting XSS vulnerabilities in Online Work Order Suite OWOS Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to 1 default.asp and 2 report.asp, and the 3 go parameter to login.asp...

4.3CVSS6AI score0.00263EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:52 a.m.•4 views

CVE-2009-4688

Multiple cross-site scripting XSS vulnerabilities in index.php in PHP Shopping Cart Selling Website Script allow remote attackers to inject arbitrary web script or HTML via the 1 txtkeywords and 2 cid parameters...

4.3CVSS6.1AI score0.00863EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:51 a.m.•6 views

CVE-2009-4989

Cross-site scripting XSS vulnerability in index.php in AJ Auction Pro OOPD 3.0 allows remote attackers to inject arbitrary web script or HTML via the txtkeyword parameter in a search action...

4.3CVSS5.9AI score0.02646EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:51 a.m.•4 views

CVE-2009-4972

Cross-site scripting XSS vulnerability in index.php aka the log in page in SimpleID before 0.6.5 allows remote attackers to inject arbitrary web script or HTML via the s parameter...

4.3CVSS5.9AI score0.00329EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:50 a.m.•6 views

CVE-2009-4852

Multiple cross-site scripting XSS vulnerabilities in SemanticScuttle before 0.94.1 allow remote attackers to inject arbitrary web script or HTML via the sort parameter to index.php, and other unspecified vectors, a different issue than CVE-2008-6113. NOTE: some of these details are obtained from...

4.3CVSS6AI score0.00359EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by