6239 matches found
CVE-2025-32570
CVE-2025-32570: ChillPay WooCommerce is affected by a Cross-Site Request Forgery to Stored Cross-Site Scripting (CSRF to stored XSS) vulnerability. Affected product: ChillPay WooCommerce (plugin for WordPress). Affected range: ChillPay WooCommerce 2.5.3 and earlier. Root cause and exact vectors a...
rangamaticollege.gov.bd Cross Site Scripting vulnerability OBB-4042961
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-33844
Incident summary: CVE-2023-33844 affects IBM Security Verify Governance 10.0.2 with a cross-site scripting (XSS) flaw in the Web UI. The root cause involves insufficient filtering/escaping of user-supplied data, enabling arbitrary JavaScript execution that can lead to credentials disclosure withi...
jomos.vn Cross Site Scripting vulnerability OBB-4042862
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
executive-class-at-mts-hotel.hotelinewyork.com Cross Site Scripting vulnerability OBB-4042754
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ForestBlog keywords parameter cross-site scripting vulnerability
ForestBlog is a blogging system. A cross-site scripting vulnerability exists in ForestBlog 20250321 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data by the parameter keywords, and can be exploited by an attacker to execute arbitrary Web...
WordPress plugin Doppler Forms cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
WordPress WP Project Manager plugin <= 2.6.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by siavashvafshar in WordPress Plugin WP Project Manager versions <= 2.6.22...
CVE-2025-32211
CVE-2025-32211 (Broadstreet): Authenticated Stored Cross-Site Scripting in Broadstreet WordPress plugin, affected
event.ru Cross Site Scripting vulnerability OBB-4042681
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2025-3397
Summary: CVE-2025-3397 affects YzmCMS 7.1 in an unknown function within message.tpl; manipulating the gourl argument triggers cross-site scripting. Exploitation is possible remotely and public disclosure exists. Multiple sources (CNVD/CNNVD/NVD/OSV/etc.) confirm the issue but provide no official ...
classifieds.cleveland.com Cross Site Scripting vulnerability OBB-4042527
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2025-32188
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Stored XSS. This issue affects Advanced Woo Labels: from n/a through <= 2.15...
CVE-2025-32133
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection allows Stored XSS. This issue affects Secure Copy Content Protection and Content Locking: from n/a through =...
CVE-2025-32169
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Suresh Prasad Showeblogin Social showeblogin-facebook-page-like-box allows DOM-Based XSS. This issue affects Showeblogin Social: from n/a through <= 7.0...
CVE-2025-3219
A vulnerability was found in CodeCanyon Perfex CRM 3.2.1. It has been classified as problematic. Affected is an unknown function of the file /perfex/clients/project/2 of the component Project Discussions Module. The manipulation of the argument description leads to cross site scripting. It is...
duel-de-mots.com Cross Site Scripting vulnerability OBB-4042389
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2025-31900
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in lexicata Lexicata lexicata allows Reflected XSS. This issue affects Lexicata: from n/a through <= 1.0.16...
WordPress Link Library plugin <= 7.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Additional Parameters vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Link Additional Parameters vulnerability discovered by siavashvafshar in WordPress Plugin Link Library versions <= 7.7.3...
CVE-2025-32136
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in activecampaign ActiveCampaign activecampaign-subscription-forms allows Stored XSS. This issue affects ActiveCampaign: from n/a through <= 8.1.16...