6239 matches found

Vulnrichment
added 2025/01/15 3:23 p.m., 5 views

CVE-2025-22758 WordPress Elementor AI Addons plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harnani Elementor AI Addons ai-addons-for-elementor allows DOM-Based XSS. This issue affects Elementor AI Addons: from n/a through <= 2.2.1...

CVSS 6.5, AI score 7.2, EPSS 0.00269
Exploits: 0, References: 1
NVD
added 2025/01/15 11:15 a.m., 23 views

CVE-2024-35280

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4....

CVSS 6.1, EPSS 0.00278
Exploits: 0, References: 1
CVE
added 2025/01/15 10:7 a.m., 54 views

CVE-2024-35280

CVE-2024-35280 describes a cross-site scripting vulnerability in Fortinet FortiDeceptor, affecting versions 3.x through 5.3.0. The issue stems from improper neutralization of input during web page generation, allowing a reflected XSS in recovery endpoints. Public details are corroborated across m...

CVSS 6.1, AI score 5, EPSS 0.00278
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2025/01/14 2:21 p.m., 5 views

CVE-2024-39363

A cross-site scripting (XSS) vulnerability exists in the login.cgi setlangCountryCode functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this...

CVSS 9.6, AI score 8.8, EPSS 0.48086
Exploits: 1, References: 1
Cvelist
added 2025/01/14 12:8 a.m., 19 views

CVE-2025-0057 Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application)

SAP NetWeaver AS JAVA User Admin Application is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of...

CVSS 4.8, EPSS 0.0023
Exploits: 0, References: 2
Vulnrichment
added 2025/01/14 12:0 a.m., 7 views

CVE-2024-50857

The ipdojob request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully...

AI score 4.9, EPSS 0.01172
Exploits: 3, References: 3
CNNVD
added 2025/01/14 12:0 a.m., 3 views

Fortinet FortiSOAR Cross-Site Scripting Vulnerability

Fortinet FortiSOAR is a Security Orchestration, Automation and Response (SOAR) solution from Fortinet, Inc. A cross-site scripting vulnerability exists in Fortinet FortiSOAR that stems from improper input invalidation during web page generation. An authenticated attacker can exploit this...

CVSS 6.8, AI score 6, EPSS 0.00447
Exploits: 0, References: 1
ICS
added 2025/01/14 12:0 a.m., 6 views

Siemens Industrial Edge Management

SUMMARY Industrial Edge Management is affected by a reflected cross-site scripting (XSS) vulnerability that could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. Siemens recommends countermeasures for products where fixes are not, or not yet...

CVSS 6.1, AI score 6.1, EPSS 0.00273
Exploits: 0, References: 10
Vulnrichment
added 2025/01/13 11:35 p.m., 10 views

CVE-2025-23038 Cross-Site Scripting (XSS) Stored endpoint 'remuneracao.php' parameter 'descricao' in WeGIA

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the remuneracao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into th...

CVSS 6.4, AI score 5.4, EPSS 0.00273
Exploits: 1, References: 2
OSV
added 2025/01/13 11:35 p.m., 10 views

CVE-2025-23038 Cross-Site Scripting (XSS) Stored endpoint 'remuneracao.php' parameter 'descricao' in WeGIA

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the remuneracao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into th...

CVSS 6.4, AI score 5.3, EPSS 0.00273
Exploits: 1, References: 4
CVE
added 2025/01/13 8:58 p.m., 50 views

CVE-2025-22614

WeGIA is affected by a Stored Cross‑Site Scripting (XSS) in the dependente_editarInfoPessoal.php endpoint, specifically via the nome and SobrenomeForm parameters. The vulnerability arises from inadequate input validation/sanitization, allowing attackers to store malicious scripts on the server th...

CVSS 6.4, AI score 5.2, EPSS 0.00273
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2025/01/13 8:54 p.m., 13 views

CVE-2025-22616 WeGIA Cross-Site Scripting (XSS) Stored endpoint 'dependente_parentesco_adicionar.php' parameter 'descricao'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the dependente_parentesco_adicionar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicio...

CVSS 6.4, AI score 5.3, EPSS 0.00273
Exploits: 1, References: 4
Patchstack
added 2025/01/13 5:49 p.m., 4 views

WordPress Bold pagos en linea Plugin <= 3.1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by Parasimpaticki (Patchstack Alliance) in WordPress Plugin Bold pagos en linea versions <= 3.1.4...

CVSS 7.1, AI score 6.1, EPSS 0.00261
Exploits: 0, Affected Software: 1
Vulnrichment
added 2025/01/13 1:11 p.m., 9 views

CVE-2025-22499 WordPress F4 Post Tree Plugin <= 1.1.18 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FAKTOR VIER F4 Post Tree f4-tree allows Reflected XSS. This issue affects F4 Post Tree: from n/a through <= 1.1.18...

CVSS 7.1, AI score 8.6, EPSS 0.00246
Exploits: 0, References: 1
Vulnrichment
added 2025/01/13 12:0 a.m., 5 views

CVE-2024-57488

Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehicalorcview parameter in /admin/edit-vehicle.php...

AI score 6, EPSS 0.02311
Exploits: 3, References: 2
Vulnrichment
added 2025/01/13 12:0 a.m., 9 views

CVE-2023-42249

Selesta Visual Access Manager 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vamvisits.php...

AI score 5.9, EPSS 0.00224
Exploits: 0, References: 1
CNVD
added 2025/01/13 12:0 a.m., 7 views

Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2025-01386)

Cisco Common Services Platform Collector is a common services platform data collector from Cisco USA. Cisco Common Services Platform Collector suffers from a stored cross-site scripting vulnerability that can be exploited by remote attackers to inject malicious script or HTML code, which can be...

CVSS 5.4, AI score 5.6, EPSS 0.00357
Exploits: 0, References: 1
CVE
added 2025/01/13 12:0 a.m., 36 views

CVE-2023-42230

Pat Infinite Solutions HelpdeskAdvanced versions <= 11.0.33 are vulnerable to Cross-Site Scripting (XSS) via the WSCView/Save function. The root cause is XSS in the WSCView/Save workflow, as documented by Red Hat and other sources. Affected product: Pat Infinite Solutions HelpdeskAdvanced

CVSS 6.1, AI score 5.8, EPSS 0.00275
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2025/01/10 9:31 p.m., 7 views

GHSA-J4V9-CM37-H7C2 Microweber Cross-site Scripting vulnerability

Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name Internal Name field in the Add new campaign function...

CVSS 6.9, AI score 5.3, EPSS 0.0109
Exploits: 4, References: 3
CVE
added 2025/01/10 3:30 p.m., 50 views

CVE-2025-22600

CVE-2025-22600 refers to a reflected Cross-Site Scripting (XSS) vulnerability in the WeGIA web manager, specifically in the Configuracao_doacao.php endpoint via the avulso parameter. The root cause is a reflected XSS condition that allows injection of scripts, enabling potential script execution ...

CVSS 6.5, AI score 6, EPSS 0.00393
Exploits: 1, References: 1, Affected Software: 1