1122394 matches found

Nuclei | added yesterday | 19 views

Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting

Event Espresso Core-Reg 4.10.7.p is vulnerable to cross-site scripting in wp-content/plugins/event-espresso-core-reg/adminpages/messages/templates/eemsgadminoverview.template.php and allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2020-26153 info:...

6.1 CVSS | 6.4 AI score | 0.13159 EPSS
Exploits 2 | References 5

Nuclei | added yesterday | 32 views

Extreme Management Center 8.4.1.24 - Cross-Site Scripting

Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1 CVSS | 6.4 AI score | 0.17063 EPSS
Exploits 0 | References 5

Nuclei | added yesterday | 45 views

Wing FTP 6.4.4 - Cross-Site Scripting

Wing FTP 6.4.4 is vulnerable to cross-site scripting via its web interface because an arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of sandboxed arbitrary HTML and JavaScript in the user's browser. id: CVE-2020-27735 info: name: Wing FTP...

6.1 CVSS | 6.4 AI score | 0.52763 EPSS
Exploits 1 | References 5

Nuclei | added yesterday | 14 views

SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting

SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. id: CVE-2018-19386 info: nam...

6.1 CVSS | 6.2 AI score | 0.14522 EPSS
Exploits 1 | References 5

Nuclei | added yesterday | 5 views

Label Studio < 1.18.0 - Reflected XSS

Label Studio 1.18.0 contains a stored XSS caused by improper sanitization in POST /projects/upload-example/ endpoint, letting attackers inject malicious scripts to hijack sessions and perform unauthorized actions, exploit requires sending crafted requests. id: CVE-2025-47783 info: name: Label...

7.6 CVSS | 5.8 AI score | 0.00198 EPSS
Exploits 1 | References 1

Nuclei | added yesterday | 23 views

Membership Database <= 1.0 - Cross-Site Scripting

Membership Database before 1.0 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker t...

6.1 CVSS | 6.9 AI score | 0.12454 EPSS
Exploits 2 | References 3

Nuclei | added yesterday | 193 views

RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting

Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary JavaScript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter. id:...

6.1 CVSS | 6.5 AI score | 0.17013 EPSS
Exploits 1 | References 3

Nuclei | added yesterday | 124 views

XWiki >= 6.2-milestone-1 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It's possible to exploit the DeleteApplication page to perform an XSS, e.g. by using a URL such as:...

9.6 CVSS | 6.3 AI score | 0.15561 EPSS
Exploits 0 | References 2

Nuclei | added yesterday | 17 views

WordPress Under Construction <1.19 - Cross-Site Scripting

WordPress Under Construction plugin before 1.19 contains a cross-site scripting vulnerability. The plugin echoes out the raw value of $GLOBALS['PHP_SELF'] in the ucOptions.php file on certain configurations, including Apache+modPHP. id: CVE-2021-39320 info: name: WordPress Under Construction 1.19 -...

6.1 CVSS | 6.2 AI score | 0.19664 EPSS
Exploits 1 | References 5

Nuclei | added yesterday | 16 views

Reprise License Manager 14.2 - Cross-Site Scripting

Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/loginprocess 'username' parameter via GET, whereby no authentication is required. id: CVE-2022-28363 info: name: Reprise License Manager 14.2 - Cross-Site Scripting author: Akincibor severity: medi...

6.1 CVSS | 6.2 AI score | 0.1389 EPSS
Exploits 3 | References 5

Nuclei | added yesterday | 25 views

Quixplorer <=2.4.1 - Cross-Site Scripting

Quixplorer through 2.4.1 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. id:...

6.1 CVSS | 6.4 AI score | 0.06813 EPSS
Exploits 1 | References 3

Nuclei | added yesterday | 82 views

Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting

The Oracle WebCenter Sites 11.1.1.8.0 component of Oracle Fusion Middleware is impacted by easily exploitable cross-site scripting vulnerabilities that allow high privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites. id: CVE-2018-3238 info: name: Oracle Fusion...

6.9 CVSS | 6.8 AI score | 0.30481 EPSS
Exploits 0 | References 5

Nuclei | added yesterday | 17 views

Featurific For WordPress 1.6.2 - Cross-Site Scripting

A cross-site scripting vulnerability in cachedimage.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter. id: CVE-2011-5265 info: name: Featurific For WordPress 1.6.2 - Cross-Site Scripting author:...

4.3 CVSS | 5.8 AI score | 0.06129 EPSS
Exploits 0 | References 4

Nuclei | added yesterday | 18 views

LearnPress < 4.2.5.5 - Cross-Site Scripting

The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-5558 info: name: LearnPress 4.2.5.5 - Cross-Site...

6.1 CVSS | 6.3 AI score | 0.0328 EPSS
Exploits 2 | References 2

Nuclei | added yesterday | 10 views

WP Finance Plugin <= 1.3.6 - Cross-Site Scripting

WP Finance WordPress plugin <= 1.3.6 contains a reflected cross-site scripting vulnerability caused by lack of sanitization and escaping of a parameter before output, letting attackers execute scripts in high privilege users' browsers; exploitation requires the victim to click a malicious link. id: CVE-2024-13097 info:...

5.4 CVSS | 7.2 AI score | 0.03222 EPSS
Exploits 1 | References 2

Nuclei | added yesterday | 24 views

SuperWebMailer 9.31.0.01799 - Cross-Site Scripting

SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component api.php. id: CVE-2024-24131 info: name: SuperWebMailer 9.31.0.01799 - Cross-Site Scripting author: DhiyaneshDK severity: medium description: | SuperWebMailer v9.31.0.01799 w...

6.1 CVSS | 6.2 AI score | 0.13158 EPSS
Exploits 1 | References 2

Nuclei | added yesterday | 5 views

WP Extended < 3.0.0 - Stored Cross-Site Scripting

The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

7.1 CVSS | 6 AI score | 0.11677 EPSS
Exploits 0 | References 4

Nuclei | added yesterday | 29 views

WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting

WordPress plugin sitepress-multilingual-cms 3.6.3 is vulnerable to cross-site scripting in processforms via any localefilename parameter such as localefilenameen in an authenticated theme-localization.php request to wp-admin/admin.php. id: CVE-2018-18069 info: name: WordPress...

6.1 CVSS | 6.2 AI score | 0.14198 EPSS
Exploits 2 | References 5

Nuclei | added yesterday | 25 views

WordPress Pie-Register <2.0.19 - Cross-Site Scripting

WordPress Pie Register before 2.0.19 contains a reflected cross-site scripting vulnerability in pie-register/pie-register.php which allows remote attackers to inject arbitrary web script or HTML via the invitaioncode parameter in a pie-register page to the default URL. id: CVE-2015-7377 info: nam...

4.3 CVSS | 5.8 AI score | 0.05825 EPSS
Exploits 3 | References 5

Nuclei | added yesterday | 20 views

Visual CSS Style Editor < 7.5.4 - Cross-Site Scripting

The plugin does not sanitise and escape the wyppagetype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue id: CVE-2021-24934 info: name: Visual CSS Style Editor 7.5.4 - Cross-Site Scripting author: Splint3r7 severity: medium description: | The...

6.1 CVSS | 6.4 AI score | 0.03752 EPSS
Exploits 2 | References 2