CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

245 matches found

CVE-2026-4142

The Sentence To SEO keywords, description and tags plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Permanent keywords' field in all versions up to and including 1.0. This is due to insufficient input sanitization and output escaping. The plugin reads user input via...

4.4CVSS5.7AI score0.00027EPSS

Exploits0References1

RedhatCVE•added 4 days ago•4 views

CVE-2026-40186

ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasses allowedTags enforcement for text inside nonTextTagsArray elements textarea and option...

6.1CVSS5.7AI score0.00015EPSS

Exploits1References1

RedhatCVE•added 4 days ago•5 views

CVE-2026-39960

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a textarea custom field's contents in the Update Issue page, bugupdatepage.php allowing an attacker to inject HTML and, if CSP settings permit, execute...

5.4CVSS5.7AI score0.00033EPSS

Exploits0References1

RedhatCVE•added 2026/05/30 8:13 a.m.•10 views

CVE-2026-41897

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. This...

5.3CVSS5.9AI score0.00049EPSS

Exploits0References1

NVD•added 2026/05/28 9:16 p.m.•6 views

CVE-2026-41897

5.3CVSS0.00049EPSS

Exploits0References3

CVE•added 2026/05/28 8:26 p.m.•15 views

CVE-2026-41897

CVE-2026-41897 affects MantisBT (Mantis Bug Tracker) from versions 1.0.0 through 2.28.1. The root cause is lack of validation of the filter_target parameter in return_dynamic_filters.php, used for AJAX on the View Issues page, which allows an attacker to inject arbitrary HTML when the target is a...

5.3CVSS5.9AI score0.00049EPSS

Exploits0References3

ATTACKERKB•added 2026/05/28 8:26 p.m.•8 views

CVE-2026-41897

5.3CVSS5.9AI score0.00049EPSS

Exploits0References4Affected Software1

EUVD•added 2026/05/28 8:26 p.m.•7 views

EUVD-2026-33024

5.3CVSS5.9AI score0.00049EPSS

Exploits0References3

Cvelist•added 2026/05/28 8:26 p.m.•24 views

CVE-2026-41897 MantisBT: Reflected XSS in Rendering Dynamic Custom Textarea Field

5.3CVSS0.00049EPSS

Exploits0References3

NVD•added 2026/05/20 10:16 p.m.•9 views

CVE-2026-39960

5.4CVSS0.00033EPSS

Exploits0References2

Cvelist•added 2026/05/20 9:11 p.m.•26 views

CVE-2026-39960 MantisBT is Vulnerable to Stored XSS through Custom Field Textarea Values

5.4CVSS0.00033EPSS

Exploits0References2

Vulnrichment•added 2026/05/20 9:11 p.m.•5 views

CVE-2026-39960 MantisBT is Vulnerable to Stored XSS through Custom Field Textarea Values

5.4CVSS6AI score0.00033EPSS

Exploits0References2

ATTACKERKB•added 2026/05/20 9:11 p.m.•4 views

CVE-2026-39960

5.4CVSS6AI score0.00033EPSS

Exploits0References3Affected Software1

EUVD•added 2026/05/20 9:11 p.m.•8 views

EUVD-2026-31192

5.4CVSS6AI score0.00033EPSS

Exploits0References2

CVE•added 2026/05/20 9:11 p.m.•15 views

CVE-2026-39960

MantisBT (versions ≤ 2.28.1) is vulnerable to Stored XSS via improper escaping of a textarea custom field on the Update Issue page (bug_update_page.php). The flaw allows an attacker, authenticated with bug report permission, to inject HTML and potentially execute JavaScript when the page loads, e...

5.4CVSS6AI score0.00033EPSS

Exploits0References2

Tenable Nessus•added 2026/05/18 12:0 a.m.•5 views

MantisBT 1.0.0 < 2.28.2 Dynamic Custom Textarea Field Reflected XSS (GHSA-j7v9-f46r-2rp4)

The version of MantisBT installed on the remote host is 1.0.0 or later but prior to 2.28.2. It is, therefore, affected by a vulnerability: - MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field. CVE-2026-41897 Note that Nessus has not tested for this issue but has...

5.3CVSS5.8AI score0.00049EPSS

Exploits0References2

Vulnrichment•added 2026/05/13 2:22 p.m.•5 views

CVE-2020-37225 Powie's WHOIS Domain Check 0.9.31 Persistent Cross-Site Scripting

Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in plugin settings. Attackers can submit malicious payloads through textarea and input elements in t...

6.4CVSS5.9AI score0.00036EPSS

Exploits0References5

OSV•added 2026/05/11 7:39 p.m.•2 views

GHSA-J7V9-F46R-2RP4 MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field

Lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. Impact Cross-site scripting XSS Patches - c885af13f0b8596714ffe11df757c09f35fbd8f4 Workaround...

5.3CVSS5.9AI score0.00049EPSS

Exploits0References4

Github Security Blog•added 2026/05/11 7:39 p.m.•6 views

MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field

5.3CVSS5.9AI score0.00049EPSS

Exploits0References4Affected Software1

Snyk•added 2026/05/11 7:39 p.m.•3 views

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the returndynamicfilters.php process when handling the filtertarget parameter. An attacker can execute arbitrary HTML or scripts in the context of a user's browser ...

5.4CVSS5.8AI score0.00049EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by