CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1123136 matches found

WordPress Feed Them Social <3.0.1 - Cross-Site Scripting

WordPress Feed Them Social plugin before 3.0.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the page. id: CVE-2022-2383 info: name: WordPress Feed Them Social 3.0.1 - Cross-Site Scripting author: akincibor...

6.1CVSS6AI score0.06392EPSS

Exploits2References5

Nuclei•added yesterday•36 views

FUDForum 3.1.0 - Cross-Site Scripting

FUDForum 3.1.0 contains a cross-site scripting vulnerability which allows remote attackers to inject JavaScript via index.php in the "srch" parameter. id: CVE-2021-27519 info: name: FUDForum 3.1.0 - Cross-Site Scripting author: kh4sh3i severity: medium description: | FUDForum 3.1.0 contains a...

6.1CVSS6.1AI score0.03939EPSS

Exploits4References5

Nuclei•added yesterday•28 views

WordPress Supsystic Contact Form <1.7.15 - Cross-Site Scripting

WordPress Supsystic Contact Form plugin before 1.7.15 contains a cross-site scripting vulnerability. It does not sanitize the tab parameter of its options page before outputting it in an attribute. id: CVE-2021-24276 info: name: WordPress Supsystic Contact Form 1.7.15 - Cross-Site Scripting autho...

6.1CVSS6AI score0.08366EPSS

Exploits5References5

Nuclei•added yesterday•23 views

Advantech R-SeeNet 2.4.12 - Cross-Site Scripting

Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the sshform.php script functionality. id: CVE-2021-21800 info: name: Advantech R-SeeNet 2.4.12 - Cross-Site Scripting author: arafatansari severity: medium description: | Advantech R-SeeNet 2.4.12 contains a...

9.6CVSS6.9AI score0.64875EPSS

Exploits1References5

Nuclei•added yesterday•17 views

GTranslate < 2.8.65 - Cross-Site Scripting

In the Pro and Enterprise versions of GTranslate 2.8.65, the gtranslaterequesturivar function runs at the top of all pages and echoes out the contents of $SERVER'REQUESTURI'. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable ...

6.1CVSS6.3AI score0.02674EPSS

Exploits2References2

Nuclei•added yesterday•17 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Global Entities feature /index.php?module=entities/entities of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity"...

5.4CVSS6AI score0.04456EPSS

Exploits1References3

Nuclei•added yesterday•30 views

Landing Page Builder < 1.4.9.6 - Cross-Site Scripting

The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpbpost admin page. id: CVE-2021-25067 info: name: Landing Page Builder 1.4.9.6 - Cross-Site Scripting author: theamanrawat severity: medium description: | The Landing Page Builder...

5.4CVSS6.1AI score0.08064EPSS

Exploits2References5

Nuclei•added yesterday•22 views

WordPress FlatPM <3.0.13 - Cross-Site Scripting

WordPress FlatPM plugin before 3.0.13 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape certain parameters before outputting them back in pages, which can be exploited against high privilege users such as admin. An attacker can steal cookie-based authenticatio...

5.4CVSS5.7AI score0.0485EPSS

Exploits2References5

Nuclei•added yesterday•14 views

WordPress Visualizer <3.3.1 - Cross-Site Scripting

WordPress Visualizer plugin before 3.3.1 contains a stored cross-site scripting vulnerability via /wp-json/visualizer/v1/update-chart WP-JSON API endpoint. An unauthenticated attacker can execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard...

6.1CVSS6.4AI score0.01687EPSS

Exploits2References5

Nuclei•added yesterday•15 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider-account.php Username field. id: CVE-2018-20010 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through version 4.11.01 is...

4.8CVSS5.7AI score0.00455EPSS

Exploits5References4

Nuclei•added yesterday•48 views

Monstra CMS 3.0.4 - Cross-Site Scripting

Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the registration form i.e., the login parameter to users/registration. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...

6.1CVSS6.6AI score0.00365EPSS

Exploits0References4

Nuclei•added yesterday•23 views

WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution

WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution. id:...

8.8CVSS8AI score0.70211EPSS

Exploits2References5

Nuclei•added yesterday•18 views

Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting

Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter. id: CVE-2019-14696 info: name: Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting author: pikpikcu severity: medium description: Open-School 3.0, and...

6.1CVSS6AI score0.32208EPSS

Exploits5References5

Nuclei•added yesterday•21 views

Timesheet Next Gen <=1.5.3 - Cross-Site Scripting

Timesheet Next Gen 1.5.3 and earlier is vulnerable to cross-site scripting that allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the...

6.1CVSS6.3AI score0.15846EPSS

Exploits1References5

Nuclei•added yesterday•16 views

WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting

A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. id: CVE-2011-5106 info: name: WordPress Plugin Flexible Custom Post Type 0.1.7 - Cross-Site...

4.3CVSS5.4AI score0.00989EPSS

Exploits1References5

Nuclei•added yesterday•19 views

WordPress 15Zine <3.3.0 - Cross-Site Scripting

WordPress 15Zine before 3.3.0 is vulnerable to reflected cross-site scripting because the theme does not sanitize the cbi parameter before including it in the HTTP response via the cbsa AJAX action. id: CVE-2020-36510 info: name: WordPress 15Zine 3.3.0 - Cross-Site Scripting author: veshraj...

6.1CVSS6.1AI score0.02579EPSS

Exploits2References3

Nuclei•added yesterday•14 views

rConfig 3.9.4 - Cross-Site Scripting

The rConfig 3.9.4 is vulnerable to cross-site scripting. The devicemgmnt.php file improperly validates the request coming from the user input. Due to this flaw, An attacker can exploit this vulnerability by crafting arbitrary javascript in deviceId GET parameter of devicemgmnt.php resulting in...

5.4CVSS6.1AI score0.54902EPSS

Exploits1References5

Nuclei•added yesterday•16 views

PacsOne Server <7.1.1 - Cross-Site Scripting

PacsOne Server PACS Server In One Box below 7.1.1 is vulnerable to cross-site scripting. id: CVE-2020-29164 info: name: PacsOne Server 7.1.1 - Cross-Site Scripting author: geeknik severity: medium description: PacsOne Server PACS Server In One Box below 7.1.1 is vulnerable to cross-site scripting...

6.1CVSS5.7AI score0.10218EPSS

Exploits1References5

Nuclei•added yesterday•17 views

Rukovoditel <= 2.7.2 - Cross-Site Scripting

A stored cross site scripting XSS vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. id: CVE-2020-35987 info: name: Rukovoditel = 2.7.2 - Cross-Site...

5.4CVSS5.8AI score0.02921EPSS

Exploits1References3

Nuclei•added yesterday•7 views

ONLYOFFICE Docs (DocumentServer) - Reflected Cross-Site Scripting

ONLYOFFICE Docs DocumentServer = 8.3.1 contains a reflected XSS caused by improper sanitization of crafted HTTP POST requests via the WOPI protocol, letting attackers inject malicious scripts reflected in HTML response, exploit requires crafted POST requests. id: CVE-2025-5301 info: name:...

6.1CVSS5.5AI score0.04975EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by