CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1122222 matches found

WordPress Simpel Reserveren <=3.5.2 - Cross-Site Scripting

WordPress plugin Simpel Reserveren 3.5.2 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.5AI score0.07335EPSS

Exploits1References5

Nuclei•added 14 hours ago•71 views

Django Debug Page - Cross-Site Scripting

Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. We detected that right circumstances DEBUG=True are present to allow a cross-site scripting attack. id: CVE-2017-12794 info: name: Django Debug Page -...

6.1CVSS6.6AI score0.09727EPSS

Exploits0References5

Nuclei•added 14 hours ago•23 views

WordPress 2kb Amazon Affiliates Store <2.1.1 - Cross-Site Scripting

WordPress 2kb Amazon Affiliates Store plugin before 2.1.1 contains multiple cross-site scripting vulnerabilities. The plugin allows an attacker to inject arbitrary web script or HTML via the 1 page parameter or 2 kbAction parameter in the kbAmz page to wp-admin/admin.php, thus making possible the...

6.1CVSS6.3AI score0.00147EPSS

Exploits1References5

Nuclei•added 14 hours ago•16 views

User Role by BestWebSoft < 1.5.6 - Cross-Site Scripting

The user-role plugin before 1.5.6 for WordPress has multiple XSS issues. id: CVE-2017-18566 info: name: User Role by BestWebSoft 1.5.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The user-role plugin before 1.5.6 for WordPress has multiple XSS issues. impact: |...

6.1CVSS6.4AI score0.00097EPSS

Exploits1References4

Nuclei•added 14 hours ago•23 views

Custom Search by BestWebSoft < 1.36 - Cross-Site Scripting

The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues. id: CVE-2017-18494 info: name: Custom Search by BestWebSoft 1.36 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The custom-search-plugin plugin before 1.36 for WordPress has multiple X...

6.1CVSS6.4AI score0.00104EPSS

Exploits1References4

Nuclei•added 14 hours ago•16 views

Jeesns 1.4.2 - Cross-Site Scripting

Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /newVersion component and allows attackers to execute arbitrary web scripts or HTML. id: CVE-2020-19283 info: name: Jeesns 1.4.2 - Cross-Site Scripting author: pikpikcu severity: medium description: Jeesns 1.4.2 is vulnerable to...

6.1CVSS6.5AI score0.01992EPSS

Exploits1References4

Nuclei•added 14 hours ago•18 views

D-Link DIR-816L 2.x - Cross-Site Scripting

D-Link DIR-816L devices 2.x before 1.10b04Beta02 contains a cross-site scripting vulnerability. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter before being printed on the webpage. An attacker can inject arbitrary script in the browser of an unsuspecting us...

6.1CVSS6.5AI score0.13735EPSS

Exploits1References4

Nuclei•added 14 hours ago•18 views

WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting

WordPress Laborator Neon theme 2.0 contains a cross-site scripting vulnerability via the data/autosuggest-remote.php q parameter. id: CVE-2019-20141 info: name: WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting author: knassar702 severity: medium description: WordPress Laborator Neon them...

6.1CVSS6.2AI score0.12494EPSS

Exploits1References5

Nuclei•added 14 hours ago•26 views

Xinuo Openserver 5/6 - Cross-Site scripting

Xinuo formerly SCO Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section' and is vulnerable to reflected cross-site scripting. id: CVE-2020-25495 info: name: Xinuo Openserver 5/6 - Cross-Site scripting author: 0xAkoko severity:...

6.1CVSS6.2AI score0.01051EPSS

Exploits3References5

Nuclei•added 14 hours ago•28 views

ATutor < 2.2.1 - Cross Site Scripting

ATutor 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting XSS, in ATtutor 2.2.1 via token body parameter. id: CVE-2023-27008 info: name: ATutor 2.2.1 - Cross Site Scripting author: r3Y3r53 severity: medium description: | ATutor 2.2.1 was discovered with a vulnerability, a...

6.1CVSS6.2AI score0.39715EPSS

Exploits1References3

Nuclei•added 14 hours ago•27 views

PMB v7.4.6 - Cross-Site Scripting

PMB v7.4.6 allows an attacker to perform a reflected XSS on exportz3950.php via the 'query' parameter. id: CVE-2023-24737 info: name: PMB v7.4.6 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | PMB v7.4.6 allows an attacker to perform a reflected XSS on exportz3950.php via t...

6.1CVSS6.4AI score0.03412EPSS

Exploits1References3

Nuclei•added 14 hours ago•21 views

WordPress GN Publisher <1.5.6 - Cross-Site Scripting

WordPress GN Publisher plugin before 1.5.6 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow th...

6.1CVSS6.7AI score0.17362EPSS

Exploits3References5

Nuclei•added 14 hours ago•22 views

WordPress Japanized for WooCommerce <2.5.8 - Cross-Site Scripting

WordPress Japanized for WooCommerce plugin before 2.5.8 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This...

6.1CVSS6.9AI score0.21417EPSS

Exploits2References3

Nuclei•added 14 hours ago•72 views

H3C SSL VPN <=2022-07-10 - Cross-Site Scripting

H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. id: CVE-2022-35416 info: name: H3C SSL VPN =2022-07-10 - Cross-Site Scripting author: 0x240x23elu severity: medium description: | H3C SSL VPN 2022-07-10 and prior contains...

6.1CVSS6.2AI score0.06631EPSS

Exploits1References5

Nuclei•added 14 hours ago•19 views

WWBN AVideo 11.6 - Cross-Site Scripting

WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'msg' parameter, which is inserted into the document with insufficient sanitization. id: CVE-2022-32772 info: name: WWBN AVideo 11.6 - Cross-Site Scripting author: arafatansari severity: medi...

9.6CVSS6.8AI score0.07798EPSS

Exploits0References5

Nuclei•added 14 hours ago•20 views

WWBN AVideo 11.6 - Cross-Site Scripting

WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'toast' parameter, which is inserted into the document with insufficient sanitization. id: CVE-2022-32770 info: name: WWBN AVideo 11.6 - Cross-Site Scripting author: arafatansari severity:...

9.6CVSS6.8AI score0.14418EPSS

Exploits0References5

Nuclei•added 14 hours ago•25 views

Bank Locker Management System - Cross-Site Scripting

A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate...

4.8CVSS3.8AI score0.327EPSS

Exploits1References4

Nuclei•added 14 hours ago•22 views

Helmet Store Showroom - Cross Site Scripting

Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting XSS. id: CVE-2022-46073 info: name: Helmet Store Showroom - Cross Site Scripting author: Harsh severity: medium description: | Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting XSS. impact: | Successful exploitation of...

6.1CVSS6.3AI score0.25932EPSS

Exploits1References3

Nuclei•added 14 hours ago•16 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Highlight Row feature at /index.php?module=entities/listingtypes&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the...

5.4CVSS6.2AI score0.01093EPSS

Exploits1References4

Nuclei•added 14 hours ago•26 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Field function at /index.php?module=entities/fields&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name...

5.4CVSS6.2AI score0.02007EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by