CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6236 matches found

NVD•added 2025/10/11 10:15 a.m.•3 views

CVE-2025-10167

The Stock History & Reports Manager for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'algwcstocksnapshotrestocked shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.0004EPSS

Exploits0References4

RedhatCVE•added 2025/10/11 8:26 a.m.•3 views

CVE-2025-40640

Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createinvoicesubmit.php”, using the “customerName0” parameter. This vulnerability could allow a...

5.1CVSS4.8AI score0.00033EPSS

Exploits0References1

Cvelist•added 2025/10/10 11:17 a.m.•7 views

CVE-2025-7781 WP JobHunt <= 7.6 - Authenticated (Candidate+) Stored Cross-Site Scripting via ‘cs_job_title’

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Stored Cross-Site Scripting via the ‘csjobtitle’ parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.00032EPSS

Exploits0References2

Cvelist•added 2025/10/09 3:57 p.m.•5 views

CVE-2025-59974 Junos Space Security Director: Persistent Cross-Site Scripting (XSS) vulnerability

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Junos Space Security Director allows an attacker to inject malicious scripts into the application, which are then stored and executed in the context of other users' browsers when they access...

9.3CVSS0.00037EPSS

Exploits0References1

NVD•added 2025/10/08 2:15 p.m.•2 views

CVE-2025-43829

Stored cross-site scripting XSS vulnerability in diagram type products in Commerce in Liferay Portal 7.4.3.18 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 18 through update 92 allows remote attackers to inject arbitrary web script or...

5.4CVSS0.00031EPSS

Exploits0References1

Vulnrichment•added 2025/10/08 5:2 a.m.•2 views

CVE-2025-11433 itsourcecode Leave Management System Query Parameter controller.php redirect cross site scripting

A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing a manipulation of the argument ID results in cross site scripting. It i...

5.1CVSS3.6AI score0.00029EPSS

Exploits1References5