6239 matches found

OSV
added 2025/03/17 2:15 p.m. | views: 1

CVE-2025-0598

A stored Cross-site Scripting (XSS) vulnerability affecting Relations in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVSS 5.4 | AI score 6 | EPSS 0.00228
Exploits: 0 | References: 1

NVD
added 2025/03/17 2:15 p.m. | views: 9

CVE-2025-0599

A stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVSS 8.7 | EPSS 0.0023
Exploits: 0 | References: 1

Openbugbounty
added 2025/03/17 8:1 a.m. | views: 7

9mmstore.eu Cross Site Scripting vulnerability OBB-4037173

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Openbugbounty
added 2025/03/17 3:55 a.m. | views: 7

zckingy.com Cross Site Scripting vulnerability OBB-4037044

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Openbugbounty
added 2025/03/16 1:24 p.m. | views: 8

v-creation.jp Cross Site Scripting vulnerability OBB-4036876

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

NVD
added 2025/03/16 6:15 a.m. | views: 13

CVE-2025-1621

The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 | EPSS 0.00247
Exploits: 1 | References: 1

RedhatCVE
added 2025/03/15 8:17 a.m. | views: 6

CVE-2025-25625

A stored cross-site scripting vulnerability exists in FS model S3150-8T2F switches running firmware s3150-8t2f-switch-fsos-220d118101 and web firmware v2.2.2, which allows an authenticated web interface user to bypass input filtering on user names, and stores un-sanitized HTML and Javascript on t...

CVSS 5.4 | AI score 5.7 | EPSS 0.00217
Exploits: 0 | References: 1

RedhatCVE
added 2025/03/15 8:11 a.m. | views: 7

CVE-2024-57348

Cross Site Scripting vulnerability in PecanProject pecan through v.1.8.0 allows a remote attacker to execute arbitrary code via the crafted payload to the hostname, sitegroupid, lat, lon and sitename parameters...

CVSS 6.1 | AI score 7.3 | EPSS 0.00317
Exploits: 1 | References: 1

Openbugbounty
added 2025/03/15 7:13 a.m. | views: 6

theglobalquality.com Cross Site Scripting vulnerability OBB-4036583

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

RedhatCVE
added 2025/03/14 7:2 p.m. | views: 21

CVE-2025-2211

A vulnerability was found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sysDictDetail/add. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit h...

CVSS 4.8 | AI score 5.9 | EPSS 0.00448
Exploits: 1 | References: 1

RedhatCVE
added 2025/03/14 3:51 p.m. | views: 8

CVE-2025-28918

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in A. Jones Featured Image Thumbnail Grid thumbnail-grid allows Stored XSS. This issue affects Featured Image Thumbnail Grid: from n/a through = 6.8...

CVSS 6.5 | AI score 7.2 | EPSS 0.00245
Exploits: 0 | References: 1

Openbugbounty
added 2025/03/12 8:18 a.m. | views: 5

jcbcreatives.com Cross Site Scripting vulnerability OBB-4035760

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

OSV
added 2025/03/12 4:15 a.m. | views: 2

CVE-2025-2077

The Simple Amazon Affiliate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'msg' parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVSS 6.1 | AI score 7.4 | EPSS 0.00287
Exploits: 0 | References: 2

Vulnrichment
added 2025/03/11 10:0 p.m. | views: 6

CVE-2025-2210 aitangbao springboot-manager add cross site scripting

A vulnerability has been found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /sysJob/add. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The explo...

CVSS 4.8 | AI score 3.4 | EPSS 0.00448
Exploits: 1 | References: 4

NVD
added 2025/03/11 9:15 p.m. | views: 13

CVE-2025-28908

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pipdig pipDisqus pipdisqus allows Stored XSS. This issue affects pipDisqus: from n/a through = 1.6...

CVSS 5.9 | EPSS 0.00264
Exploits: 0 | References: 1

CVE
added 2025/03/11 9:1 p.m. | views: 49

CVE-2025-28918

CVE-2025-28918: Stored XSS in WordPress plugin Featured Image Thumbnail Grid up to version 6.6.1. Root cause: improper neutralization of input during web page generation in the plugin, enabling stored cross-site scripting. Affected product/component: WordPress Plugin – Featured Image Thumbnail ...

CVSS 6.5 | AI score 7.2 | EPSS 0.00245
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/11 9:0 p.m. | views: 6

CVE-2025-28906 WordPress Skitter Slideshow plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Thiago S.F. Skitter Slideshow wp-skitter-slideshow allows Stored XSS. This issue affects Skitter Slideshow: from n/a through <= 2.5.2...

CVSS 5.9 | AI score 7.2 | EPSS 0.00496
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/11 9:0 p.m. | views: 10

CVE-2025-28870 WordPress amoCRM WebForm plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in amocrm amoCRM WebForm amocrm-webform allows DOM-Based XSS. This issue affects amoCRM WebForm: from n/a through <= 1.1...

CVSS 6.5 | AI score 8.6 | EPSS 0.00246
Exploits: 0 | References: 1

CVE
added 2025/03/11 4:27 p.m. | views: 51

CVE-2024-56338

IBM Sterling B2B Integrator Standard Edition is affected by CVE-2024-56338 (XSS) in versions 6.0.0.0–6.1.2.6 and 6.2.0.0–6.2.0.3. The vulnerability allows a privileged user to inject arbitrary JavaScript into the Web UI, potentially leading to credentials disclosure within a trusted session. CVSS...

CVSS 4.8 | AI score 4.9 | EPSS 0.00265
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/03/11 12:0 p.m. | views: 4

CVE-2025-2191 Claro A7600-A1 Ping6 Diagnóstico form2pingv6.cgi cross site scripting

A vulnerability, which was classified as problematic, has been found in Claro A7600-A1 RNR4-A72T-2x16v2110403CLA32160817. Affected by this issue is some unknown functionality of the file /form2pingv6.cgi of the component Ping6 Diagnóstico. The manipulation of the argument ip6addr with the input...

CVSS 4.8 | AI score 3.4 | EPSS 0.00285
Exploits: 0 | References: 3