6663 matches found

EUVD
added 2025/12/18 9:31 p.m., 2 views

EUVD-2025-204371

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to upload files with spoofed Content-Type that do not match file extensions. Attackers can exploit this vulnerability by uploading malicious files with manipulated MIME types, allowing malicious scripts to execute i...

5.1 CVSS, 5.9 AI score, 0.00024 EPSS
Exploits 0, References 3

OSV
added 2025/12/18 8:15 p.m., 1 view

CVE-2024-58319

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute malicious scripts in administrative users' browsers...

6.1 CVSS, 5.8 AI score
Exploits 0, References 2

NVD
added 2025/12/18 8:15 p.m., 1 view

CVE-2022-50681

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...

6.1 CVSS, 0.0003 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/12/18 7:53 p.m., 1 view

CVE-2024-58323 Kentico Xperience <= 13.0.158 Checkbox Form Component Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Checkbox form component. This allows malicious scripts to execute in users' browsers by exploiting HTML support in the form builder...

5.4 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/12/18 7:53 p.m., 4 views

CVE-2022-50681 Kentico Xperience <= 13.0.88 Rich Text Editor Reflected XSS

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...

6.1 CVSS, 6.2 AI score, 0.0003 EPSS
Exploits 0, References 2

Positive Technologies
added 2025/12/18 12:0 a.m., 2 views

PT-2025-52303

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A reflected cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through administration input fields within the Rich text editor...

6.1 CVSS, 6 AI score, 0.0003 EPSS
Exploits 0, References 5

Positive Technologies
added 2025/12/18 12:0 a.m., 2 views

PT-2025-52299

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A stored cross-site scripting issue exists in Kentico Xperience. Attackers can upload files with a manipulated Content-Type that does not align with the file extension. This allows...

5.1 CVSS, 5.9 AI score, 0.00024 EPSS
Exploits 0, References 4

CNNVD
added 2025/12/18 12:0 a.m., 1 view

Kentico Xperience Cross-Site Scripting Vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script via the rich text editor component of the page and form builder...

6.1 CVSS, 5.6 AI score, 0.00024 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/12/18 12:0 a.m., 1 view

CVE-2025-63949

A Reflected Cross-Site Scripting XSS vulnerability in yohanawi Hotel Management System commit 87e004a allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/room.php...

5.8 AI score, 0.00056 EPSS
Exploits 1, References 2

NVD
added 2025/12/17 11:15 p.m., 1 view

CVE-2023-53915

Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users vi...

5.1 CVSS, 0.00024 EPSS
Exploits 1, References 3

Vulnrichment
added 2025/12/17 10:16 p.m., 4 views

CVE-2025-68147 opensourcepos has a Cross-site Scripting vulnerability

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Stored Cross-Site Scripting XSS vulnerability exists in the "Return Policy" configuration field. The application doe...

8.1 CVSS, 5 AI score, 0.00047 EPSS
Exploits 4, References 3

RedhatCVE
added 2025/12/17 8:7 a.m., 2 views

CVE-2025-29231

A stored cross-site scripting XSS vulnerability in the pagesave component of Linksys E5600 V1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hostname and domainName parameters...

6.1 CVSS, 5.6 AI score, 0.00024 EPSS
Exploits 0, References 1

Positive Technologies
added 2025/12/17 12:0 a.m., 3 views

PT-2025-51970

Name of the Vulnerable Software and Affected Versions Serendipity version 2.4.0 Description An authenticated user can inject malicious scripts through blog entry creation. An attacker can create blog entries with JavaScript payloads that execute when other users view the compromised post. This is...

5.4 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits 1, References 9

RedhatCVE
added 2025/12/16 8:44 p.m., 2 views

CVE-2023-53884

Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is...

5.4 CVSS, 6.4 AI score, 0.00029 EPSS
Exploits 1, References 1

Vulnrichment
added 2025/12/16 5:3 p.m., 2 views

CVE-2023-53903 WebsiteBaker 2.13.3 Stored Cross-Site Scripting via SVG File Upload

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting...

5.4 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits 1, References 3

CNNVD
added 2025/12/16 12:0 a.m., 2 views

Linksys E5600 Security Vulnerability

Linksys E5600 is a powerful, compact and reliable WiFi 5 router from Linksys, Inc. A security vulnerability exists in Linksys E5600 version V1.1.0.26, which originates from stored cross-site scripting in the pagesave component and could lead to arbitrary web script execution...

6.1 CVSS, 6 AI score, 0.00024 EPSS
Exploits 0, References 2

OSV
added 2025/12/15 9:15 p.m., 3 views

CVE-2023-53887

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...

5.4 CVSS, 5.9 AI score
Exploits 0, References 3

Cvelist
added 2025/12/15 8:28 p.m., 15 views

CVE-2023-53884 Webedition CMS v2.9.8.8 Stored Cross-Site Scripting via SVG Upload

Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is...

5.1 CVSS, 0.00029 EPSS
Exploits 1, References 3

Vulnrichment
added 2025/12/15 8:28 p.m., 1 view

CVE-2023-53884 Webedition CMS v2.9.8.8 Stored Cross-Site Scripting via SVG Upload

Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is...

5.1 CVSS, 6.1 AI score, 0.00029 EPSS
Exploits 1, References 3

CVE
added 2025/12/15 8:28 p.m., 8 views

CVE-2023-53882

JLex GuestBook 1.6.4 is affected by a reflected cross-site scripting (XSS) vulnerability in the q URL parameter. The issue allows attackers to craft malicious links that inject scripts into victims’ browsers, potentially stealing session tokens or executing arbitrary JavaScript. Reportedly, remedi...

5.1 CVSS, 5.7 AI score, 0.00052 EPSS
Exploits 0, References 3