CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

106035 matches found

Extreme Management Center 8.4.1.24 - Cross-Site Scripting

Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.2AI score0.17063EPSS

Exploits0References5

Nuclei•added yesterday•34 views

osTicket < 1.10.2 - Cross-Site Scripting

Cross-site scripting XSS vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. id: CVE-2018-7196 info: name: osTicket 1.10.2 - Cross-Site Scripting author: ritikchaddha severity: medium...

6.1CVSS6.4AI score0.00723EPSS

Exploits1References2

Nuclei•added yesterday•7 views

VDO.Ninja - DOM-Based Cross-Site Scripting

VDO.Ninja 28.0 to 28.3 contains a reflected XSS caused by improper sanitization of the room parameter in examples/control.html, letting remote attackers execute scripts, exploit requires crafted URL. id: CVE-2025-62613 info: name: VDO.Ninja - DOM-Based Cross-Site Scripting author: 0xAkoko severit...

6.9CVSS5.6AI score0.02073EPSS

Exploits0References3

Nuclei•added yesterday•53 views

Apache ActiveMQ <=5.15.5 - Cross-Site Scripting

Apache ActiveMQ versions 5.0.0 to 5.15.5 are vulnerable to cross-site scripting via the web based administration console on the queue.jsp page. The root cause of this issue is improper data filtering of the QueueFilter parameter. id: CVE-2018-8006 info: name: Apache ActiveMQ =5.15.5 - Cross-Site...

6.1CVSS6.4AI score0.78485EPSS

Exploits0References10

Nuclei•added yesterday•22 views

CandidATS 3.0.0 - Cross-Site Scripting

CandidATS 3.0.0 contains a cross-site scripting vulnerability via the page parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.2AI score0.02714EPSS

Exploits1References5

Nuclei•added yesterday•41 views

Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting

Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of...

4.3CVSS5.3AI score0.01345EPSS

Exploits1References5

Nuclei•added yesterday•155 views

SPIP <3.1.2 - Cross-Site Scripting

SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in validerxml.php which allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action. id: CVE-2016-7981 info: name: SPIP 3.1.2 - Cross-Site Scripting author: pikpikcu severity:...

6.1CVSS6.6AI score0.43499EPSS

Exploits2References5

Nuclei•added yesterday•10 views

WSO2 - Server Side Request Forgery

WSO2 products contain SSRF and reflected XSS vulnerabilities in the deprecated Try-It feature accessible only to administrative users, caused by improper URL validation and direct content reflection, letting attackers trick admins into executing arbitrary JavaScript and querying internal services...

5.9CVSS5.6AI score0.00654EPSS

Exploits0References1

Nuclei•added yesterday•19 views

WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting

WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting. id: CVE-2017-18536 info: name: WordPress Stop User Enumeration =1.3.7 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress Stop User Enumeration 1.3.7 an...

6.1CVSS5.8AI score0.02172EPSS

Exploits1References4

Nuclei•added yesterday•19 views

ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 MESSAGE, 2 EMAIL, or 3 NAME parameter. id: CVE-2014-4513 info: name: ActiveHelp...

4.3CVSS5.4AI score0.02772EPSS

Exploits1References2

Nuclei•added yesterday•21 views

Movies <= 0.6 - Cross-Site Scripting

A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. id: CVE-2014-4539 info: name: Movies = 0.6 - Cross-Site Scripting author: daffainfo...

6.1CVSS6.3AI score0.0161EPSS

Exploits2References4

Nuclei•added yesterday•27 views

HPE System Management - Cross-Site Scripting

HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...

5.4CVSS6.5AI score0.59937EPSS

Exploits2References5

Nuclei•added yesterday•24 views

2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting

A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. id: CVE-2012-4273 info: name: 2 Click Socialmedia Buttons 0.34 - Cross-Site Scripti...

4.3CVSS5.4AI score0.00963EPSS

Exploits1References5

Nuclei•added yesterday•31 views

ReQlogic v11.3 - Cross Site Scripting

ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters. id: CVE-2022-41441 info: name: ReQlogic v11.3 - Cross Site Scripting author: r3Y3r53 severity: medium description: | ReQlogic v11.3 allow attackers ...

6.1CVSS6.7AI score0.06229EPSS

Exploits3References5

Nuclei•added yesterday•73 views

H3C SSL VPN <=2022-07-10 - Cross-Site Scripting

H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. id: CVE-2022-35416 info: name: H3C SSL VPN =2022-07-10 - Cross-Site Scripting author: 0x240x23elu severity: medium description: | H3C SSL VPN 2022-07-10 and prior contains...

6.1CVSS6.1AI score0.06631EPSS

Exploits1References5

Nuclei•added yesterday•27 views

Xinuo Openserver 5/6 - Cross-Site scripting

Xinuo formerly SCO Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section' and is vulnerable to reflected cross-site scripting. id: CVE-2020-25495 info: name: Xinuo Openserver 5/6 - Cross-Site scripting author: 0xAkoko severity:...

6.1CVSS6AI score0.01051EPSS

Exploits3References5

Nuclei•added yesterday•20 views

osTicket < 1.10.2 - Cross-Site Scripting

Cross-site scripting XSS vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. id: CVE-2018-7192 info: name: osTicket 1.10.2 - Cross-Site Scripting author: ritikchaddha severity:...

6.1CVSS6.4AI score0.0013EPSS

Exploits1References2

Nuclei•added yesterday•7 views

WordPress Redirect After Login <= 0.1.9 - Admin Stored XSS

Marcelotorres Redirect After Login plugin = 0.1.9 contains a stored cross-site scripting caused by insufficient sanitization in the login redirect parameter, letting attackers execute scripts in the context of the affected site, exploit requires admin privileges. id: CVE-2023-27624 info: name:...

5.9CVSS6.4AI score0.00485EPSS

Exploits0References2

Nuclei•added yesterday•24 views

WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting

A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. id: CVE-2012-4242 info: name: WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting author:...

4.3CVSS5.4AI score0.06071EPSS

Exploits3References4

Nuclei•added yesterday•26 views

kkFileView 4.1.0 - Cross-Site Scripting

kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the errorMsg parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...

6.1CVSS6.2AI score0.02352EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by