100 matches found
Site Reviews < 7.2.5 - Unauthenticated Stored XSS
Site Reviews WordPress plugin before 7.2.5 contains a stored cross-site scripting vulnerability caused by improper sanitization and escaping of review fields, letting unauthenticated users execute malicious scripts; exploitation requires no authentication. id: CVE-2025-1232 info: name: Site Reviews 7.2.5 -...
CVE-2026-5324
The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11. This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...
WordPress Marijuana Age Verify plugin <= 1.5.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Marijuana Age Verify versions <= 1.5.5...
GO-2026-4669 SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS in github.com/siyuan-note/siyuan/kernel
SiYuan has a SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS in github.com/siyuan-note/siyuan/kernel...
CVE-2026-31809 SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS
SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG checks href attributes for the javascript: prefix using strings.HasPrefix. However, inserting ASCII tab, newline, or carriage return characters inside the javascript: string bypasses this prefi...
PT-2026-23104
Name of the Vulnerable Software and Affected Versions: ZITADEL versions 4.0.0 through 4.11.1. Description: ZITADEL, an open source identity management platform, contains a cross-site scripting (XSS) issue in its login V2 interface, specifically within the /saml-post endpoint. This flaw allows for...
PT-2026-3136
Name of the Vulnerable Software and Affected Versions: Mitel MiContact Center Business versions through 10.2.0.10; Mitel CX versions through 1.1.0.1. Description: A flaw exists in the Multimedia Email component that could allow an unauthenticated attacker to perform a Cross-Site Scripting (XSS) attack...
CVE-2025-67834
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the filter parameter...
CVE-2022-0698
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter...
CVE-2019-18881
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile...
CVE-2023-40663
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rextheme WP VR plugin <= 8.3.4 versions...
CVE-2021-47743 COMMAX Biometric Access Control System 1.0.0 Reflected XSS via Cookie Parameters
COMMAX Biometric Access Control System 1.0.0 contains an unauthenticated reflected cross-site scripting vulnerability in cookie parameters 'CMXADMINNM' and 'CMXCOMPLEXNM'. Attackers can inject malicious HTML and JavaScript code into these cookie values to execute arbitrary scripts in a victim's...
WordPress Advance WP Query Search Filter plugin <= 1.0.10 - Reflected XSS via taxo_ajax vulnerability
Reflected XSS via taxo_ajax vulnerability discovered by Yevgen Goncharuk in WordPress Plugin Advance WP Query Search Filter versions <= 1.0.10...
EUVD-2025-34666
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. This vulnerability exists because the web ...
EUVD-2017-6011
Malware in sbrugna...
EUVD-2020-8805
Malware in sbrugna...
EUVD-2018-4070
Malware in sbrugna...
EUVD-2021-11038
Malware in sbrugna...
EUVD-2023-34896
Malicious code in bioql PyPI...