CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6663 matches found

EUVD•added 2025/10/31 12:30 a.m.•1 views

EUVD-2024-55045

Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting XSS via the Executive Summary Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.1CVSS5.7AI score0.00703EPSS

Exploits0References4

EUVD•added 2025/10/31 12:30 a.m.•2 views

EUVD-2018-21610

Nagios Fusion versions prior to 4.1.5 are vulnerable to cross-site scripting XSS via the "fusionwindow" parameter. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.1CVSS5.6AI score0.00478EPSS

Exploits0References3

RedhatCVE•added 2025/10/31 12:13 a.m.•1 views

CVE-2025-63885

A stored cross-site scripting XSS vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the modeldesc field...

6.1CVSS5.7AI score0.00025EPSS

Exploits0References1

CNVD•added 2025/10/31 12:0 a.m.•2 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27636)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the REMOTELOGADDR parameter of the...

5.4CVSS6.1AI score0.00024EPSS

Exploits0References1

CNVD•added 2025/10/31 12:0 a.m.•2 views

Simple Food Ordering System editcategory.php file cross-site scripting vulnerability

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter pname in the file /editcategory.php, which can be exploit...

6.1CVSS4.8AI score0.00038EPSS

Exploits1References1

CNVD•added 2025/10/31 12:0 a.m.•2 views

IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2025-27446)

IBM QRadar SIEM is a solution from International Business Machines IBM that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

6.4CVSS5.9AI score0.0002EPSS

Exploits0References1

Positive Technologies•added 2025/10/31 12:0 a.m.•2 views

PT-2025-114: Stored XSS in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to inject arbitrary HTML tags and JavaScript, leading to script execution in victims’ browsers and enabling social‑engineering attacks. Vulnerability status: Confirmed by vendor Date of...

6.1CVSS6AI score

Exploits0References1

CNVD•added 2025/10/31 12:0 a.m.•5 views

Client Details System clientview.php File Cross-Site Scripting Vulnerability

Client Details System is a client information system. Client Details System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the file /admin/clientview.php, which can be exploited by an attacker to execute...

5.4CVSS6.1AI score0.00029EPSS

Exploits1References1

NVD•added 2025/10/30 10:15 p.m.•2 views

CVE-2023-53689

Nagios Fusion versions prior to 4.2.0 contain a reflected cross-site scripting XSS vulnerability in the license key configuration flow that can result in execution of attacker-controlled script in the browser of a user who follows a crafted URL. While the application server itself is not directly...

6CVSS0.00207EPSS

Exploits0References3

OSV•added 2025/10/30 10:15 p.m.•1 views

CVE-2021-47690

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities in Overlay modals. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the conte...

5.4CVSS5.9AI score0.00478EPSS

Exploits0References2

NVD•added 2025/10/30 10:15 p.m.•1 views

CVE-2020-36860

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains multiple cross-site scripting XSS vulnerabilities in the object edit pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th...

5.4CVSS0.00478EPSS

Exploits0References2

NVD•added 2025/10/30 10:15 p.m.•2 views

CVE-2018-25119

6.1CVSS0.00478EPSS

Exploits0References2

NVD•added 2025/10/30 10:15 p.m.•2 views

CVE-2013-10074

Nagios XI versions prior to 2012R2.6 are vulnerable to cross-site scripting XSS via the Tools Menu of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.4CVSS0.00478EPSS

Exploits0References2

Vulnrichment•added 2025/10/30 9:55 p.m.•1 views

CVE-2016-15051 Nagios XI < 5.2.4 XSS via Report startdate/enddate Fields

Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting XSS via the Reports interface through values from the startdate and enddate fields. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a...

5.1CVSS5.8AI score0.00478EPSS

Exploits0References2

Vulnrichment•added 2025/10/30 9:35 p.m.•1 views

CVE-2021-47690 Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Overlay Modals

5.1CVSS5.9AI score0.00478EPSS

Exploits0References2

Cvelist•added 2025/10/30 9:34 p.m.•2 views

CVE-2020-36860 Nagios XI < 5.7.4 Core Config Manager (CCM) XSS via Object Edit Pages

5.1CVSS0.00478EPSS

Exploits0References2

EUVD•added 2025/10/30 6:31 p.m.•1 views

EUVD-2025-37047

A stored cross-site scripting XSS vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the modeldesc field...

6.1CVSS5.1AI score0.00025EPSS

Exploits0References3

OSV•added 2025/10/30 3:2 p.m.•2 views

GO-2025-4065 Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution in github.com/mattermost/mattermost-server

Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution in github.com/mattermost/mattermost-server...

6.1CVSS7.1AI score0.00359EPSS

Exploits0References4

RedhatCVE•added 2025/10/28 10:0 p.m.•3 views

CVE-2025-62793

eLabFTW is an open source electronic lab notebook for research labs. The application served uploaded SVG files inline. Because SVG supports active content, an attacker could upload a crafted SVG that executes script when viewed, resulting in stored XSS under the application origin. A victim who...

6.8CVSS6.1AI score0.00029EPSS

Exploits0References1

CNNVD•added 2025/10/27 12:0 a.m.•1 views

code-projects Client Details System 代码注入漏洞

Client Details System is a client information system. Client Details System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the file /update-clients.php, which can be exploited by an attacker to execute...

5.4CVSS6AI score0.00029EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by