CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6714 matches found

RedhatCVE•added 2025/05/23 12:15 a.m.•10 views

CVE-2022-44954

webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking "Add"...

5.4CVSS6.1AI score0.00415EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 12:13 a.m.•14 views

CVE-2022-27441

A stored cross-site scripting XSS vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box...

4.8CVSS5.6AI score0.00423EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 12:6 a.m.•4 views

CVE-2022-25575

Multiple cross-site scripting XSS vulnerabilities in Parking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes...

6.1CVSS6.2AI score0.00631EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 12:6 a.m.•4 views

CVE-2022-25464

A stored cross-site scripting XSS vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.8CVSS5.6AI score0.00435EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 12:2 a.m.•6 views

CVE-2022-43079

A cross-site scripting XSS vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter...

6.1CVSS5.8AI score0.00473EPSS

Exploits1References1

Cvelist•added 2025/05/23 12:0 a.m.•10 views

CVE-2024-51108

Multiple stored cross-site scripting XSS vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate...

0.00209EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 11:59 p.m.•11 views

CVE-2022-43660

Improper neutralization of Server-Side Includes SSW within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable...

7.2CVSS7AI score0.00972EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:54 p.m.•6 views

CVE-2022-23391

A cross-site scripting XSS vulnerability in Pybbs v6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Search box...

6.1CVSS5.7AI score0.00611EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 11:49 p.m.•3 views

CVE-2022-43119

A cross-site scripting XSS vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter...

6.1CVSS5.8AI score0.00473EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 11:39 p.m.•3 views

CVE-2022-21158

A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link with javascript: scheme inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext...

5.4CVSS6.3AI score0.00514EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:25 p.m.•4 views

CVE-2022-39800

SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited...

6.1CVSS6.8AI score0.00583EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:5 p.m.•4 views

CVE-2022-34619

A stored cross-site scripting XSS vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field...

5.4CVSS5.5AI score0.0069EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 11:5 p.m.•6 views

CVE-2022-34560

A cross-site scripting XSS vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter...

7.1CVSS5.8AI score0.00314EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:5 p.m.•6 views

CVE-2022-34561

A cross-site scripting XSS vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter...

4.3CVSS5.8AI score0.00398EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:3 p.m.•5 views

CVE-2022-34140

A stored cross-site scripting XSS vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field...

5.4CVSS5.4AI score0.03381EPSS

Exploits7References1

RedhatCVE•added 2025/05/22 10:59 p.m.•5 views

CVE-2022-32987

Multiple cross-site scripting XSS vulnerabilities in /bsms/?page=manageaccount of Simple Bakery Shop Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username or Full Name fields...

4.8CVSS6.1AI score0.00461EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 10:56 p.m.•7 views

CVE-2022-32074

A stored cross-site scripting XSS vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file...

5.4CVSS5.5AI score0.0119EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:52 p.m.•4 views

CVE-2022-31455

A cross-site scripting XSS vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box...

6.1CVSS5.8AI score0.00357EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:50 p.m.•4 views

CVE-2022-30738

Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script...

4.3CVSS6.8AI score0.00501EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:45 p.m.•10 views

CVE-2022-45223

Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in /Admin/add-student.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter...

4.8CVSS6.1AI score0.00467EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by