
6239 matches found

Cvelist
added 2025/02/19 4:2 p.m., 21 views

CVE-2024-28776 IBM Cognos Controller cross-site scripting

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4 CVSS, 0.00201 EPSS
Exploits 0, References 1

NVD
added 2025/02/19 8:15 a.m., 3 views

CVE-2024-11335

The UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframe' shortcode in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user...

6.4 CVSS, 0.00297 EPSS
Exploits 0, References 2

CNVD
added 2025/02/19 12:0 a.m., 10 views

SAP NetWeaver Application Server Java Cross-Site Scripting Vulnerability

SAP NetWeaver Application Server Java is an application server from the German company SAP that provides a Java runtime environment. The product is mainly used to develop and run Java EE applications. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server Java, which can be...

6.5 CVSS, 5.9 AI score, 0.00419 EPSS
Exploits 1, References 1

Patchstack
added 2025/02/18 11:31 p.m., 1 views

WordPress Yay! Forms plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Yay! Forms versions <= 1.2.1...

6.4 CVSS, 5.7 AI score, 0.00375 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2025/02/18 7:28 a.m., 52 views

CVE-2024-13575

CVE-2024-13575 concerns the WordPress plugin Web Stories Enhancer – Level Up Your Web Stories. It is vulnerable to Stored Cross-Site Scripting via the plugin's web_stories_enhancer shortcode in all versions up to 1.3, due to insufficient input sanitization and output escaping on user-supp...

6.4 CVSS, 5.8 AI score, 0.00341 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2025/02/18 5:15 a.m., 2 views

CVE-2024-13588

The Simplebooklet PDF Viewer and Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'simplebooklet' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4 CVSS, 5.9 AI score, 0.00222 EPSS
Exploits 0, References 3

OSV
added 2025/02/18 5:15 a.m., 1 views

CVE-2024-13579

The WP-Asambleas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pollspopup' shortcode in all versions up to, and including, 2.85.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.4 CVSS, 7.4 AI score, 0.00222 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/02/18 12:0 a.m., 6 views

CVE-2024-56882

Sage DPW before 202412000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with...

5.3 AI score, 0.00388 EPSS
Exploits 1, References 1

CNVD
added 2025/02/18 12:0 a.m., 9 views

IBM Aspera Shares Cross-Site Scripting Vulnerability (CNVD-2025-04172)

IBM Aspera Shares is a Web application from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which...

4.8 CVSS, 6 AI score, 0.00206 EPSS
Exploits 0, References 1

CNVD
added 2025/02/18 12:0 a.m., 3 views

JetBrains TeamCity Cross-Site Scripting Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...

6.1 CVSS, 5.8 AI score, 0.02733 EPSS
Exploits 0, References 1

Patchstack
added 2025/02/17 10:40 a.m., 2 views

WordPress VR Frases plugin < 4.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin VR-Frases versions < 4.0...

7.1 CVSS, 6.4 AI score, 0.00312 EPSS
Exploits 1, References 1, Affected Software 1

CNVD
added 2025/02/17 12:0 a.m., 8 views

Adobe Experience Manager cross-scripting vulnerability (CNVD-2025-03621)

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS, 6.8 AI score, 0.00368 EPSS
Exploits 0, References 1

CNVD
added 2025/02/17 12:0 a.m., 6 views

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2025-04975)

IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. IBM Sterling B2B Integrator suffe...

5.4 CVSS, 6.1 AI score, 0.00206 EPSS
Exploits 0, References 1

CNVD
added 2025/02/17 12:0 a.m., 6 views

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2025-04977)

IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...

5.4 CVSS, 6.1 AI score, 0.00204 EPSS
Exploits 0, References 1

CNVD
added 2025/02/17 12:0 a.m., 10 views

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2025-04978)

IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...

6.4 CVSS, 6.1 AI score, 0.00206 EPSS
Exploits 0, References 1

CVE
added 2025/02/14 7:24 p.m., 91 views

CVE-2025-25296

CVE-2025-25296 affects Label Studio versions prior to 1.16.0. The vulnerability is in the GET-based /projects/upload-example endpoint, where a crafted label_config permits injecting and rendering HTML without proper sanitization, enabling Cross-Site Scripting (XSS). The CSP is in report-only mod...

6.1 CVSS, 6.8 AI score, 0.01778 EPSS
Exploits 2, References 2, Affected Software 1

RedhatCVE
added 2025/02/14 1:36 p.m., 11 views

CVE-2024-56939

LearnDash v6.7.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the ld-comment-body class...

5.4 CVSS, 5.9 AI score, 0.00308 EPSS
Exploits 1, References 1

Patchstack
added 2025/02/14 1:0 p.m., 2 views

WordPress Events Planner Plugin <= 1.3.10 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Events Planner versions <= 1.3.10...

7.1 CVSS, 6.1 AI score, 0.00363 EPSS
Exploits 0, Affected Software 1

CVE
added 2025/02/14 12:44 p.m., 104 views

CVE-2025-24641

CVE-2025-24641: WordPress plugin Better WishList API (WordPress plugin)

7.1 CVSS, 7.2 AI score, 0.00211 EPSS
Exploits 0, References 1

CVE
added 2025/02/14 12:44 p.m., 45 views

CVE-2025-23648

CVE-2025-23648 concerns the WordPress plugin AdsMiddle by wjharil. The initial and connected sources describe an improper neutralization of input during web page generation that enables a reflected XSS vulnerability affecting AdsMiddle versions up to 1.0. The CVSS 3.1 score is 7.1 (HIGH) with net...

7.1 CVSS, 7.2 AI score, 0.0026 EPSS
Exploits 0, References 1