222285 matches found

NVD
added 2025/12/18 8:15 p.m., 3 views

CVE-2024-58318

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in...

CVSS 6.1, EPSS 0.00139
Exploits: 0, References: 2

OSV
added 2025/12/18 8:15 p.m., 3 views

CVE-2020-36891

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to upload files with spoofed Content-Type that do not match file extensions. Attackers can exploit this vulnerability by uploading malicious files with manipulated MIME types, allowing malicious scripts to execute i...

CVSS 5.4, AI score 5.8, EPSS 0.00179
Exploits: 0, References: 2

OSV
added 2025/12/18 8:15 p.m., 3 views

CVE-2022-50680

A stored cross-site scripting vulnerability in Kentico Xperience allows administration users to inject malicious scripts via email marketing templates. Attackers can exploit this vulnerability to execute malicious scripts that could compromise user browsers and steal sensitive information...

CVSS 4.8, AI score 5.8
Exploits: 0, References: 2

NVD
added 2025/12/18 8:15 p.m., 5 views

CVE-2022-50680

A stored cross-site scripting vulnerability in Kentico Xperience allows administration users to inject malicious scripts via email marketing templates. Attackers can exploit this vulnerability to execute malicious scripts that could compromise user browsers and steal sensitive information...

CVSS 5.1, EPSS 0.0017
Exploits: 0, References: 2

Vulnrichment
added 2025/12/18 7:53 p.m., 2 views

CVE-2023-53936 Cameleon CMS 2.7.4 Authenticated Persistent Cross-Site Scripting via Post Creation

Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with embedded SVG scripts that execute when other users mouse over the post title, potentially stealing...

CVSS 5.1, AI score 5.9, EPSS 0.00205
Exploits: 1, References: 3

Cvelist
added 2025/12/18 7:53 p.m., 21 views

CVE-2023-53936 Cameleon CMS 2.7.4 Authenticated Persistent Cross-Site Scripting via Post Creation

Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with embedded SVG scripts that execute when other users mouse over the post title, potentially stealing...

CVSS 5.1, EPSS 0.00205
Exploits: 1, References: 3

Cvelist
added 2025/12/18 7:53 p.m., 22 views

CVE-2023-53736 Kentico Xperience <= 13.0.120 Administration Interface Reflected XSS

A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts in the administration interface. Attackers can exploit this vulnerability to execute arbitrary scripts within the administrative context...

CVSS 5.4, EPSS 0.00165
Exploits: 0, References: 2

Vulnrichment
added 2025/12/18 7:53 p.m., 1 view

CVE-2023-53737 Kentico Xperience <= 13.0.101 Localization Application Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface...

CVSS 5.1, AI score 5.8, EPSS 0.0014
Exploits: 0, References: 2

Vulnrichment
added 2025/12/18 7:53 p.m., 4 views

CVE-2022-50683 Kentico Xperience <= 13.0.74 Form Configuration Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form redirect URL configuration. This allows malicious scripts to execute in users' browsers through unvalidated form configuration settings...

CVSS 5.4, AI score 5.9, EPSS 0.00138
Exploits: 0, References: 2

Vulnrichment
added 2025/12/18 7:53 p.m., 2 views

CVE-2020-36889 Kentico Xperience <= 12.0.90 Administration Interface Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages containing specially crafted object names. This allows malicious scripts to execute in users' browsers when administrators view error messages in the administration...

CVSS 5.4, AI score 5.8, EPSS 0.00179
Exploits: 0, References: 2

RedHat Linux
added 2025/12/18 1:35 a.m., 4 views

python: Virtual environment (venv) activation scripts don't quote paths

A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...

CVSS 7.8, AI score 7.2, EPSS 0.00647
Exploits: 0, References: 7

EUVD
added 2025/12/18 12:34 a.m., 2 views

EUVD-2023-60219

Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users...

CVSS 5.1, AI score 5.6, EPSS 0.00255
Exploits: 1, References: 4

CNNVD
added 2025/12/18 12:00 a.m., 3 views

Kentico Xperience cross-site scripting vulnerability

Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience email marketing templates, which can be exploited by attackers to execute malicious scripts that can compromise a user's browser and steal sensitive information...

CVSS 5.1, AI score 5.7, EPSS 0.0017
Exploits: 0, References: 2

CVE
added 2025/12/18 12:00 a.m., 22 views

CVE-2025-67163

CVE-2025-67163 affects Simple Machines Forum (SMF) v2.1.6 (and SMF

CVSS 6.1, AI score 5.2, EPSS 0.00206
Exploits: 0, References: 5, Affected Software: 1

Positive Technologies
added 2025/12/18 12:00 a.m., 5 views

PT-2025-52302

Name of the Vulnerable Software and Affected Versions: Kentico Xperience (affected versions not specified). Description: A stored cross-site scripting issue exists in Kentico Xperience. Administration users can inject malicious scripts through email marketing templates. Exploitation allows attackers t...

CVSS 5.1, AI score 5.8, EPSS 0.0017
Exploits: 0, References: 5

CNNVD
added 2025/12/18 12:00 a.m., 3 views

Kentico Xperience cross-site scripting vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

CVSS 5.4, AI score 5.9, EPSS 0.00138
Exploits: 0, References: 2

CNNVD
added 2025/12/18 12:00 a.m., 2 views

Kentico Xperience cross-site scripting vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

CVSS 5.4, AI score 5.9, EPSS 0.00138
Exploits: 0, References: 2

Positive Technologies
added 2025/12/18 12:00 a.m., 2 views

PT-2025-52305

Name of the Vulnerable Software and Affected Versions: Kentico Xperience (affected versions not specified). Description: A stored cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through the form redirect URL configuration. Successful exploitati...

CVSS 5.4, AI score 5.8, EPSS 0.00138
Exploits: 0, References: 5

CNNVD
added 2025/12/18 12:00 a.m., 3 views

Kentico Xperience cross-site scripting vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious script in an administrator user's browser...

CVSS 6.1, AI score 5.7, EPSS 0.00155
Exploits: 0, References: 2

CVE
added 2025/12/17 10:44 p.m., 9 views

CVE-2023-53933

CVE-2023-53933 affects Serendipity 2.4.0. An authenticated attacker can upload PHP files with a .phar extension via the media upload endpoint, enabling remote code execution on the server. The vulnerability arises from accepting or processing uploaded files in a way that allows execution of syste...

CVSS 8.8, AI score 8.4, EPSS 0.00874
Exploits: 1, References: 3, Affected Software: 1