
1122144 matches found

Nuclei | added 9 hours ago | 7 views

Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting

The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nscbarcontenthref' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 7.2 | AI score 6.6 | EPSS 0.65715
Exploits: 0 | References: 4

Nuclei | added 9 hours ago | 4 views

Vite dev server - Cross-Site Scripting

Vite's dev server, when used with appType: 'custom' and manually invoking server.transformIndexHtml using the unmodified request URL, is vulnerable to XSS via a crafted URL payload. If the HTML being served includes an inline module script ..., an attacker can inject a script via the URL,...

CVSS 6.1 | AI score 6.7 | EPSS 0.07321
Exploits: 1 | References: 2

Nuclei | added 9 hours ago | 14 views

Ditty (formerly Ditty News Ticker) < 3.0.15 - Cross-Site Scripting

The Ditty formerly Ditty News Ticker WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting XSS vulnerability. id: CVE-2022-0533 info: name: Ditty formerly Ditty News Ticker 3.0.15 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | The Ditty formerly...

CVSS 6.1 | AI score 6.4 | EPSS 0.04689
Exploits: 2 | References: 4

Nuclei | added 9 hours ago | 21 views

WordPress XML Sitemap Generator for Google <2.0.4 - Cross-Site Scripting/Remote Code Execution

WordPress XML Sitemap Generator for Google plugin before 2.0.4 contains a cross-site scripting vulnerability that can lead to remote code execution. It does not validate a parameter which can be set to an arbitrary value, thus causing cross-site scripting via error message or remote code executio...

CVSS 6.1 | AI score 6.9 | EPSS 0.03049
Exploits: 1 | References: 5

Nuclei | added 9 hours ago | 21 views

WordPress Plugin MapPress <2.73.4 - Cross-Site Scripting

WordPress Plugin MapPress before version 2.73.4 does not sanitize and escape the 'mapid' parameter before outputting it back in the "Bad mapid" error message, leading to reflected cross-site scripting. id: CVE-2022-0208 info: name: WordPress Plugin MapPress 2.73.4 - Cross-Site Scripting author:...

CVSS 6.1 | AI score 6.3 | EPSS 0.04312
Exploits: 2 | References: 4

Nuclei | added 9 hours ago | 27 views

kkFileView 4.1.0 - Cross-Site Scripting

kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. id: CVE-2022-35151 info: name: kkFileView 4.1.0 - Cross-Site Scripting author: arafatansari severity: medium description: | kkFileView 4.1.0...

CVSS 6.1 | AI score 6.2 | EPSS 0.04409
Exploits: 1 | References: 5

Nuclei | added 9 hours ago | 21 views

Open edX <2022-06-06 - Cross-Site Scripting

Open edX before 2022-06-06 contains a reflected cross-site scripting vulnerability via the 'next' parameter in the logout URL. id: CVE-2022-32195 info: name: Open edX 2022-06-06 - Cross-Site Scripting author: arafatansari severity: medium description: | Open edX before 2022-06-06 contains a...

CVSS 6.1 | AI score 6.2 | EPSS 0.04056
Exploits: 0 | References: 5

Nuclei | added 9 hours ago | 20 views

Wavlink WN-535G3 - Cross-Site Scripting

Wavlink WN-535G3 contains a POST cross-site scripting vulnerability via the hostname parameter at /cgi-bin/login.cgi. id: CVE-2022-30489 info: name: Wavlink WN-535G3 - Cross-Site Scripting author: For3stCo1d severity: medium description: | Wavlink WN-535G3 contains a POST cross-site scripting...

CVSS 6.1 | AI score 6.7 | EPSS 0.28752
Exploits: 1 | References: 5

Nuclei | added 9 hours ago | 15 views

Reprise License Manager 14.2 - Cross-Site Scripting

Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/loginprocess 'username' parameter via GET, whereby no authentication is required. id: CVE-2022-28363 info: name: Reprise License Manager 14.2 - Cross-Site Scripting author: Akincibor severity: medi...

CVSS 6.1 | AI score 6.2 | EPSS 0.1389
Exploits: 3 | References: 5

Nuclei | added 9 hours ago | 9 views

PHP Login System 2.0.1 - Cross-Site Scripting

msaad1999's PHP-Login-System 2.0.1 contains a reflected cross-site scripting vulnerability caused by unsanitized input in the 'validator' parameter in /reset-password, letting remote attackers execute arbitrary JavaScript in a user's browser; the exploit requires the attacker to craft a malicious URL. id: CVE-2023-38875 info...

CVSS 6.1 | AI score 6.5 | EPSS 0.08597
Exploits: 0 | References: 2

Nuclei | added 9 hours ago | 44 views

Clansphere CMS 2011.4 - Cross-Site Scripting

Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via the "module" parameter. id: CVE-2021-27309 info: name: Clansphere CMS 2011.4 - Cross-Site Scripting author: edoardottt severity: medium description: | Clansphere CMS 2011.4 contains an unauthenticat...

CVSS 6.1 | AI score 6.2 | EPSS 0.00887
Exploits: 1 | References: 4

Nuclei | added 9 hours ago | 20 views

Sidekiq <=6.2.0 - Cross-Site Scripting

Sidekiq through 5.1.3 and 6.x through 6.2.0 contains a cross-site scripting vulnerability via the queue name of the live-poll feature when Internet Explorer is used. id: CVE-2021-30151 info: name: Sidekiq =6.2.0 - Cross-Site Scripting author: DhiyaneshDk severity: medium description: Sidekiq...

CVSS 6.1 | AI score 6.2 | EPSS 0.139
Exploits: 1 | References: 5

Nuclei | added 9 hours ago | 21 views

WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting

WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard. id: CVE-2022-2599 info: name: WordPress Anti-Malware Security an...

CVSS 6.1 | AI score 6.2 | EPSS 0.30915
Exploits: 2 | References: 4

Nuclei | added 9 hours ago | 35 views

phpMyAdmin < 5.1.2 - Cross-Site Scripting

An issue was discovered in phpMyAdmin 5.1 before 5.1.2 that could allow an attacker to inject malicious code into aspects of the setup script, which can allow cross-site or HTML injection. id: CVE-2022-23808 info: name: phpMyAdmin 5.1.2 - Cross-Site Scripting author: cckuailong,daffainfo severity...

CVSS 6.1 | AI score 6.4 | EPSS 0.49362
Exploits: 2 | References: 5

Nuclei | added 9 hours ago | 24 views

WordPress Tutor LMS <2.0.10 - Cross Site Scripting

WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the resetkey and userid parameters before outputting them back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the conte...

CVSS 6.1 | AI score 6.4 | EPSS 0.20076
Exploits: 2 | References: 3

Nuclei | added 9 hours ago | 22 views

Membership Database <= 1.0 - Cross-Site Scripting

Membership Database before 1.0 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker t...

CVSS 6.1 | AI score 6.9 | EPSS 0.12454
Exploits: 2 | References: 3

Nuclei | added 9 hours ago | 23 views

WordPress Events Calendar <1.4.5 - Cross-Site Scripting

WordPress Events Calendar plugin before 1.4.5 contains multiple cross-site scripting vulnerabilities. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...

CVSS 6.1 | AI score 6.4 | EPSS 0.04142
Exploits: 2 | References: 2

Nuclei | added 9 hours ago | 20 views

CandidATS 3.0.0 - Cross-Site Scripting

CandidATS 3.0.0 contains a cross-site scripting vulnerability via the page parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

CVSS 6.1 | AI score 6.4 | EPSS 0.02714
Exploits: 1 | References: 5

Nuclei | added 9 hours ago | 17 views

Kae's File Manager <=1.4.7 - Cross-Site Scripting

Kae's File Manager through 1.4.7 contains a cross-site scripting vulnerability via a crafted GET request to /kfm/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

CVSS 6.1 | AI score 6.4 | EPSS 0.09244
Exploits: 1 | References: 5

Nuclei | added 9 hours ago | 19 views

Academy Learning Management System <5.9.1 - Cross-Site Scripting

Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

CVSS 6.1 | AI score 6.4 | EPSS 0.30743
Exploits: 2 | References: 5