6239 matches found

OSV
added 2025/01/10 3:29 p.m. · 19 views

CVE-2025-22599 WeGIA has a Cross-Site Scripting (XSS) Reflected endpoint `home.php` parameter `msg_c`

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8...

CVSS 6.4 · AI score 5.7 · EPSS 0.00393
Exploits: 1 · References: 3
OSV
added 2025/01/10 3:29 p.m. · 13 views

CVE-2025-22598 WeGIA has a Cross-Site Scripting (XSS) Stored endpoint 'cadastrarSocio.php' parameter 'nome'

WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the cadastrarSocio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the localrecepcao parameter. The injected scripts ar...

CVSS 8.3 · AI score 5.2 · EPSS 0.00339
Exploits: 1 · References: 3
CNVD
added 2025/01/10 12:00 a.m. · 7 views

WordPress Plugin Estatik Mortgage Calculator Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.1 · AI score 6.2 · EPSS 0.00424
Exploits: 0 · References: 1
CNVD
added 2025/01/10 12:00 a.m. · 7 views

WordPress plugin Hash Elements cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Hash...

CVSS 6.5 · AI score 6.8 · EPSS 0.00237
Exploits: 0 · References: 1
The Hacker News
added 2025/01/09 5:29 p.m. · 23 views

Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers

Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data. "Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool...

CVSS 9.2 · AI score 10 · EPSS 0.98545
Exploits: 5
Vulnrichment
added 2025/01/09 3:39 p.m. · 4 views

CVE-2025-22295 WordPress Tripetto plugin <= 8.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto tripetto allows Stored XSS. This issue affects WordPress form builder plugin for contact forms, surveys and...

CVSS 7.1 · AI score 8.6 · EPSS 0.00363
Exploits: 0 · References: 1
Cvelist
added 2025/01/09 3:39 p.m. · 15 views

CVE-2025-22345 WordPress TS Comfort DB plugin <= 2.0.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tsinf TS Comfort DB ts-comfort-database allows Reflected XSS. This issue affects TS Comfort DB: from n/a through <= 2.0.7...

CVSS 7.1 · EPSS 0.00303
Exploits: 0 · References: 1
Cvelist
added 2025/01/09 3:39 p.m. · 13 views

CVE-2025-22807 WordPress Responsive Flickr Slideshow Plugin <= 2.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Responsive Flickr Slideshow mobile-friendly-flickr-slideshow allows Stored XSS. This issue affects Responsive Flickr Slideshow: from n/a through <= 2.6.0...

CVSS 6.5 · EPSS 0.00206
Exploits: 0 · References: 1
Cvelist
added 2025/01/09 3:39 p.m. · 20 views

CVE-2025-22811 WordPress MT Addons for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristian Stan MT Addons for Elementor mt-addons-for-elementor allows Stored XSS. This issue affects MT Addons for Elementor: from n/a through <= 1.0.6...

CVSS 6.5 · EPSS 0.00225
Exploits: 0 · References: 1
Vulnrichment
added 2025/01/09 2:31 a.m. · 6 views

CVE-2024-13205 kurniaramadhan E-Commerce-PHP Create Product Page create_product.php cross site scripting

A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/create_product.php of the component Create Product Page. The manipulation of the argument Name leads to cross site scripting. Th...

CVSS 5.1 · AI score 5.7 · EPSS 0.00526
Exploits: 1 · References: 5
Positive Technologies
added 2025/01/09 12:00 a.m. · 2 views

PT-2025-1786 · WordPress · Deliver Via Shipos For Woocommerce

Name of the Vulnerable Software and Affected Versions: Deliver via Shipos for WooCommerce plugin for WordPress versions up to, and including, 2.1.7
Description: The issue is related to Reflected Cross-Site Scripting via the dvsfw bulk label url parameter due to insufficient input sanitization and...

CVSS 6.1 · AI score 6.8 · EPSS 0.0035
Exploits: 0 · References: 7
Cvelist
added 2025/01/09 12:00 a.m. · 10 views

CVE-2024-55226

Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) vulnerability via the component /api/core/mod.rs...

EPSS 0.00366
Exploits: 1 · References: 3
NVD
added 2025/01/08 8:15 p.m. · 13 views

CVE-2025-22143

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_permissoes.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_e parameter. This vulnerability is fixed i...

CVSS 6.4 · EPSS 0.0031
Exploits: 1 · References: 1
Cvelist
added 2025/01/08 7:42 p.m. · 21 views

CVE-2025-22143 WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'listar_permissoes.php' parameter 'msg_e'

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_permissoes.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_e parameter. This vulnerability is fixed i...

CVSS 6.4 · EPSS 0.0031
Exploits: 1 · References: 1
Cvelist
added 2025/01/08 4:19 p.m. · 11 views

CVE-2025-20167 Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...

CVSS 5.4 · EPSS 0.00276
Exploits: 0 · References: 2
Vulnrichment
added 2025/01/08 4:09 p.m. · 7 views

CVE-2025-20123 Cisco Crosswork Network Controller Stored Cross-Site Scripting Vulnerability

Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist because the web-based...

CVSS 4.8 · AI score 5.2 · EPSS 0.00256
Exploits: 0 · References: 1
Positive Technologies
added 2025/01/08 12:00 a.m. · 5 views

PT-2025-1023 · Cisco · Cisco Common Services Platform Collector

Name of the Vulnerable Software and Affected Versions: Cisco Common Services Platform Collector (CSPC) affected versions not specified
Description: The issue is related to insufficient validation of user-supplied input by the web-based management interface of an affected system, allowing an...

CVSS 5.5 · AI score 5.2 · EPSS 0.00357
Exploits: 0 · References: 8
NVD
added 2025/01/07 4:15 p.m. · 11 views

CVE-2025-22578

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aazztech WP Cookie wp-cookie allows Stored XSS. This issue affects WP Cookie: from n/a through <= 1.0.0...

CVSS 5.9 · EPSS 0.00277
Exploits: 0 · References: 1
Vulnrichment
added 2025/01/07 2:57 p.m. · 6 views

CVE-2025-22573 WordPress Icons Enricher plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in copist Icons Enricher allows Stored XSS. This issue affects Icons Enricher: from n/a through 1.0.8...

CVSS 6.5 · AI score 6.8 · EPSS 0.00263
Exploits: 0 · References: 1
Cvelist
added 2025/01/07 10:49 a.m. · 17 views

CVE-2024-49633 WordPress DirectoryPress plugin <= 3.6.19 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress directorypress allows Reflected XSS. This issue affects DirectoryPress: from n/a through <= 3.6.19...

CVSS 7.1 · EPSS 0.0031
Exploits: 0 · References: 1