Lucene search
K

3779 matches found

Cvelist
Cvelist
added 2026/02/01 12:15 p.m.31 views

CVE-2021-47917 Simple CMS 2.1 Persistent Cross-Site Scripting via User Input Parameters

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

6.4CVSS0.00289EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/01 12:15 p.m.5 views

EUVD-2021-34757

PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijackin...

6.4CVSS6AI score0.00303EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/01 12:0 a.m.7 views

PT-2026-5568

BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking,...

6.4CVSS6.2AI score0.00301EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/01 12:0 a.m.7 views

PT-2026-5552

Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers can inject malicious script code through the search input to compromise user sessions and manipulate application content...

6.4CVSS5.9AI score0.00305EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/01 12:0 a.m.7 views

PHPSUGAR PHP Melody 跨站脚本漏洞

PHPSUGAR PHP Melody is a content management system developed by PHPSUGAR. The PHPSUGAR PHP Melody 3.0 version has a cross-site scripting vulnerability. This vulnerability stems from the submitted parameter in the edit-video.php file, which has a persistent cross-site scripting vulnerability. This...

6.4CVSS5.7AI score0.00303EPSS
Exploits1References4
NVD
NVD
added 2026/01/30 5:16 p.m.5 views

CVE-2020-37019

Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim...

6.4CVSS0.00398EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/30 4:16 p.m.7 views

EUVD-2020-30960

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

6.4CVSS5.9AI score0.00311EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/30 4:16 p.m.2 views

CVE-2020-37014

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

6.4CVSS5.9AI score0.00311EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/28 12:0 a.m.26 views

CVE-2025-70336

A Stored cross-site scripting XSS vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live...

0.00176EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:52 p.m.8 views

CVE-2014-4017

Cross-site scripting XSS vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php...

4.3CVSS6AI score0.01636EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:50 p.m.9 views

CVE-2014-4946

Multiple cross-site scripting XSS vulnerabilities in Horde Internet Mail Program IMP before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via 1 unspecified flags or 2 a mailbox name in the dynamic mailbox view...

4.3CVSS5.9AI score0.01312EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:47 p.m.16 views

CVE-2005-1443

Multiple cross-site scripting XSS vulnerabilities in index.php for Invision Power Board IPB 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the 1 act, 2 Members, 3 calendar, or 4 HID parameters...

6.8CVSS6AI score0.01278EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:47 p.m.14 views

CVE-2005-1308

SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML...

7.5CVSS6.8AI score0.02284EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.7 views

CVE-2023-25347

A stored cross-site scripting XSS vulnerability in ChurchCRM 4.5.3, allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php...

5.4CVSS5.4AI score0.00622EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:11 p.m.6 views

CVE-2018-18674

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/boardformupdate.php bocontenttail parameter...

6.1CVSS6AI score0.01161EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:10 p.m.6 views

CVE-2018-18678

GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroupformupdate.php gr110 parameter...

6.1CVSS6AI score0.0113EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:9 p.m.6 views

CVE-2018-18671

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board head contents" parameter, aka the adm/boardformupdate.php bomobilecontenthead parameter...

6.1CVSS6AI score0.01521EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:53 a.m.6 views

CVE-2009-4039

Cross-site scripting XSS vulnerability in Piwigo before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.9AI score0.01913EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:53 a.m.5 views

CVE-2009-4398

Cross-site scripting XSS vulnerability in the Parish of the Holy Spirit Religious Art Gallery hsreligiousartgallery extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.00855EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:53 a.m.5 views

CVE-2009-4839

Multiple cross-site scripting XSS vulnerabilities in Basic Analysis and Security Engine BASE, possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 admin/baseroleadmin.php, 2 admin/baseuseradmin.php, 3 baseconfcontents.php, 4...

4.3CVSS6AI score0.01083EPSS
Exploits0References1
Rows per page
Query Builder