CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6355 matches found

CVE-2026-4983

Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy or Content-Disposition: attachment. This allows an attacker to publish an extension with a maliciou...

4.1CVSS

Exploits0References1

Nuclei•added 13 hours ago•32 views

WBCE CMS v1.5.4 - Cross Site Scripting (Stored)

A cross-site scripting XSS vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. id: CVE-2022-45038 info: name: WBCE CMS v1.5.4 - Cross Site Scripting Stored author:...

5.4CVSS6.2AI score0.01024EPSS

Exploits1References3

Nuclei•added 13 hours ago•13 views

ETQ Reliance - Reflected XSS via SQLConverterServlet

A reflected cross-site scripting XSS vulnerability exists in ETQ Reliance CG legacy platform within the SQLConverterServlet component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The...

5.1CVSS6AI score0.01891EPSS

Exploits0References2

Nuclei•added 13 hours ago•29 views

Bootstrap Multiselect <= 1.1.2 - Cross-Site Scripting

A PHP script in the source code release echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting XSS vulnerability exploitable through Cross-Site Request Forgery CSRF. id: CVE-2025-47204 info: name: Bootstr...

6.1CVSS6AI score0.00404EPSS

Exploits0References1

Nuclei•added 13 hours ago•28 views

WordPress Yuzo <5.12.94 - Cross-Site Scripting

WordPress Yuzo Related Posts plugin before 5.12.94 is vulnerable to cross-site scripting because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can consequently inje...

6.1CVSS6.3AI score0.05331EPSS

Exploits1References5

Nuclei•added 13 hours ago•58 views

AppServ Open Project <=2.5.10 - Cross-Site Scripting

AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter. id: CVE-2008-2398 info: name: AppServ Open Project =2.5.11 or apply the necessary security patches...

4.3CVSS5.9AI score0.06232EPSS

Exploits1References3

Nuclei•added 13 hours ago•22 views

Timesheet Next Gen <=1.5.3 - Cross-Site Scripting

Timesheet Next Gen 1.5.3 and earlier is vulnerable to cross-site scripting that allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the...

6.1CVSS6.5AI score0.043EPSS

Exploits1References5

Nuclei•added 13 hours ago•18 views

Redwood Report2Web 4.3.4.5 & 4.5.3 - Cross-Site Scripting

Redwood Report2Web 4.3.4.5 and 4.5.3 contains a cross-site scripting vulnerability in the login panel which allows remote attackers to inject JavaScript via the signIn.do urll parameter. id: CVE-2021-26710 info: name: Redwood Report2Web 4.3.4.5 & 4.5.3 - Cross-Site Scripting author: pikpikcu...

6.1CVSS6.3AI score0.06513EPSS

Exploits1References5

Nuclei•added 13 hours ago•36 views

FortiWeb - Cross Site Scripting

FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points. id: CVE-2021-22122 info: name:...

6.1CVSS6.3AI score0.1052EPSS

Exploits0References5

Nuclei•added 13 hours ago•35 views

Seo Panel 4.8.0 - Cross-Site Scripting

Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter. id: CVE-2021-3002 info: name: Seo Panel 4.8.0 - Cross-Site Scripting author: edoardottt severity: medium description: Seo Panel 4.8.0 contains a reflected cross-site...

6.1CVSS6.2AI score0.04278EPSS

Exploits1References5

Nuclei•added 13 hours ago•23 views

WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting

WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize or escape the id GET parameter before outputting back in the admin dashboard when editing an event. id: CVE-2021-24510 info: name: WordPress MF Gig Calendar =1.2 which...

6.1CVSS6.2AI score0.0231EPSS

Exploits1References4

Nuclei•added 13 hours ago•41 views

Admidio - Cross-Site Scripting

A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The reflected cross-site scripting vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious...

8.8CVSS6.3AI score0.05784EPSS

Exploits0References5

Nuclei•added 13 hours ago•27 views

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the joborderID parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...

6.1CVSS6.4AI score0.01278EPSS

Exploits1References5

Nuclei•added 13 hours ago•26 views

ZZcms - Cross-Site Scripting

ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks. id: CVE-2020-20285 info: name: ZZcms -...

5.4CVSS6.2AI score0.01552EPSS

Exploits1References3

Nuclei•added 13 hours ago•26 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS5.9AI score0.01331EPSS

Exploits1References2

Nuclei•added 13 hours ago•24 views

CandidATS 3.0.0 - Cross-Site Scripting

CandidATS 3.0.0 contains a cross-site scripting vulnerability via the page parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.4AI score0.01071EPSS

Exploits1References5

Nuclei•added 13 hours ago•35 views

School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting

School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability via admin/inc/navigation.php:125. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-bas...

6.1CVSS6.4AI score0.03345EPSS

Exploits2References5

Nuclei•added 13 hours ago•40 views

WordPress All-in-One WP Migration <=7.62 - Cross-Site Scripting

WordPress All-in-One WP Migration plugin 7.62 and prior contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials a...

4.7CVSS5.9AI score0.01204EPSS

Exploits3References5

Nuclei•added 13 hours ago•42 views

BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting

BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML. id: CVE-2018-16139 info: name: BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting author:...

6.1CVSS6.4AI score0.02285EPSS

Exploits1References4

Nuclei•added 13 hours ago•34 views

FineCMS <=5.0.10 - Cross-Site Scripting

FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request. id: CVE-2017-11629 info: name: FineCMS =5.0.11 which includes a fix for this vulnerability. reference: -...

6.1CVSS6.2AI score0.01937EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by