Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

11 matches found

RedhatCVE
RedhatCVEadded 2026/06/05 7:51 p.m.6 views

CVE-2025-52206

ISPConfig 3.3.0 is vulnerable to Cross Site Scripting XSS via the system status webpage...

4.7CVSS5.5AI score0.00221EPSS
Exploits1References1
EUVD
EUVDadded 2026/05/05 6:33 p.m.4 views

EUVD-2025-209641

ISPConfig 3.3.0 is vulnerable to Cross Site Scripting XSS via the system status webpage...

4.7CVSS5.8AI score0.00221EPSS
Exploits1References3
NVD
NVDadded 2026/05/05 4:16 p.m.6 views

CVE-2025-52206

ISPConfig 3.3.0 is vulnerable to Cross Site Scripting XSS via the system status webpage...

4.7CVSS0.00221EPSS
Exploits1References2
CNNVD
CNNVDadded 2026/05/05 12:0 a.m.7 views

ISPConfig 跨站脚本漏洞

ISPConfig is a set of open-source host control panels based on Linux by the ISPConfig company. It allows for the management of multiple servers through a web-based control panel, the creation of websites, and the monitoring of server status. Version 3.3.0 of ISPConfig contains a cross-site...

4.7CVSS5.6AI score0.00221EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/05/05 12:0 a.m.31 views

CVE-2025-52206

ISPConfig 3.3.0 is vulnerable to Cross Site Scripting XSS via the system status webpage...

0.00221EPSS
Exploits1References2
CVE
CVEadded 2026/05/05 12:0 a.m.11 views

CVE-2025-52206

ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage. The vulnerability affects the ISPConfig system-status UI, specifically the monitor/show_sys_state.php endpoint (state=server&server=[removed]...), allowing reflected user-supplied input to execute script in...

4.7CVSS5.8AI score0.00221EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologiesadded 2026/05/05 12:0 a.m.5 views

PT-2026-37054

Name of the Vulnerable Software and Affected Versions ISPConfig version 3.3.0 Description Cross Site Scripting XSS is possible via the system status webpage. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...

4.7CVSS5.8AI score0.00221EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/05/05 12:0 a.m.1 views

CVE-2025-52206

ISPConfig 3.3.0 is vulnerable to Cross Site Scripting XSS via the system status webpage...

5.8AI score0.00221EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/05/05 12:0 a.m.4 views

CVE-2025-52206

ISPConfig 3.3.0 is vulnerable to Cross Site Scripting XSS via the system status webpage...

5.8AI score0.00221EPSS
Exploits1References2
NVD
NVDadded 2026/03/16 6:16 p.m.1 views

CVE-2026-29510

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...

5.4CVSS0.00138EPSS
Exploits0References2
CVE
CVEadded 2026/03/16 4:56 p.m.6 views

CVE-2026-29513

CVE-2026-29513 describes a stored XSS in Hereta ETH-IMC408M firmware ≤1.0.15. An authenticated attacker can inject JavaScript through the Device Location field via the System Status interface, with scripts executing in browsers of users viewing the status page. The CVSS 4.0 metrics indicate Netwo...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder