CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

17 matches found

EUVD-2019-20179

WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the...

6.4CVSS5.6AI score

Exploits0References4

NVD•added 2026/03/13 7:54 p.m.•1 views

CVE-2026-22192

Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to access privileged management functions by manipulating browser localStorage values. Attackers can modify client-side authentication state to bypass server-side access...

9.9CVSS0.00059EPSS

Exploits0References4

NVD•added 2026/02/20 11:16 p.m.•4 views

CVE-2019-25448

OrientDB 3.0.17 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating users with script payloads in the name parameter. Attackers can send POST requests to the document endpoint with JavaScript code in the name field to...

6.4CVSS0.00046EPSS

Exploits1References3

Vulnrichment•added 2026/02/20 10:56 p.m.•4 views

CVE-2019-25448 OrientDB 3.0.17 Stored Cross-Site Scripting via User Creation

6.4CVSS5.5AI score0.00046EPSS

Exploits1References3

CVE•added 2026/02/19 12:2 p.m.•7 views

CVE-2019-25425

CVE-2019-25425 describes a reflected cross-site scripting vulnerability in Comodo Dome Firewall 2.7.0 . The issue arises via the smtpconfig endpoint, where an attacker can submit crafted input to the VIRUS_ADMIN parameter and perform POST requests to inject JavaScript that executes in an administ...

6.1CVSS5.6AI score0.00022EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/02/19 12:0 a.m.•3 views

PT-2026-20805

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the login endpoint with script payloads in the username...

6.1CVSS5.6AI score0.00045EPSS

Exploits1References4

CVE•added 2026/02/18 8:59 p.m.•9 views

CVE-2019-25400

CVE-2019-25400 affects IPFire 2.21 Core Update 127. The vulnerabilities are multiple reflected XSS in the fwhosts.cgi script, exploitable via numerous parameters (e.g., HOSTNAME, IP, SUBNET, NETREMARK, HOSTREMARK, newhost, grp_name, remark, SRV_NAME, SRV_PORT, SRVGRP_NAME, SRVGRP_REMARK, updatesr...

5.4CVSS5.6AI score0.00069EPSS

Exploits1References4Affected Software1

NVD•added 2026/02/15 2:16 p.m.•4 views

CVE-2019-25371

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diagping.php endpoint with script payloads i...

6.1CVSS0.00055EPSS

Exploits1References4

OSV•added 2026/02/15 2:16 p.m.•2 views

CVE-2019-25370

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfacesvlanedit.php with script payloads in the tag, descr, or vlanif parameters ...

6.1CVSS5.6AI score

Exploits0References4

ATTACKERKB•added 2026/02/15 1:58 p.m.•2 views

CVE-2019-25370

6.1CVSS5.5AI score0.00048EPSS

Exploits1References4Affected Software1

NVD•added 2026/01/30 5:16 p.m.•1 views

CVE-2020-37014

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

6.4CVSS0.00081EPSS

Exploits0References5

Vulnrichment•added 2026/01/30 4:16 p.m.•3 views

CVE-2020-37014 Tryton 5.4 - Persistent Cross-Site Scripting

6.4CVSS5.9AI score0.00081EPSS

Exploits0References5

Positive Technologies•added 2026/01/23 12:0 a.m.•3 views

PT-2026-4502

MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget...

6.1CVSS5.2AI score0.00044EPSS

Exploits1References4

RedhatCVE•added 2025/12/17 6:2 p.m.•5 views

CVE-2023-53898

Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads in application copyright text to execute arbitrary JavaScript in victim browsers...

5.4CVSS6.4AI score0.00024EPSS

Exploits1References1

NVD•added 2025/12/16 5:16 p.m.•2 views

CVE-2023-53898

5.4CVSS0.00024EPSS

Exploits1References3

EUVD•added 2025/12/12 12:30 a.m.•2 views

EUVD-2024-55342

Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially...

5.3CVSS5.7AI score0.00045EPSS

Exploits1References5

CNNVD•added 2021/07/06 12:0 a.m.•2 views

WordPress plugin VikRentCar跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. WordPress' VikRentCar has a cross-site scripting...

5.4CVSS5.4AI score0.00085EPSS

Exploits2References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by