CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6654 matches found

osTicket < 1.10.2 - Cross-Site Scripting

Cross-site scripting XSS vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. id: CVE-2018-7196 info: name: osTicket 1.10.2 - Cross-Site Scripting author: ritikchaddha severity: medium...

6.1CVSS6.5AI score0.00533EPSS

Exploits1References2

EUVD•added 2026/02/25 12:30 p.m.•4 views

EUVD-2026-8519

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aysblock' shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5.6AI score0.00045EPSS

Exploits0References5

RedhatCVE•added 2026/02/12 1:4 a.m.•7 views

CVE-2025-70297

A stored cross-site scripting XSS vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser...

6.1CVSS5.4AI score0.00062EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:51 p.m.•4 views

CVE-2014-4945

Multiple cross-site scripting XSS vulnerabilities in Horde Internet Mail Program IMP before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic 1 mailbox or 2 message view...

4.3CVSS5.9AI score0.00516EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:49 p.m.•4 views

CVE-2014-4856

Cross-site scripting XSS vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party informati...

4.3CVSS5.9AI score0.00174EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:49 p.m.•4 views

CVE-2014-4308

Multiple cross-site scripting XSS vulnerabilities in NICE Recording eXpress aka Cybertech eXpress before 6.5.5 allow remote attackers to inject arbitrary web script or HTML via the 1 USRLNM parameter to myaccount/mysettings.edit.validate.asp or the frame parameter to 2...

4.3CVSS6AI score0.00225EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:49 p.m.•3 views

CVE-2014-4335

Multiple cross-site scripting XSS vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the 1 host or 2 password parameter to rtl/protected/admin/ddns/...

4.3CVSS6.1AI score0.00225EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:47 p.m.•5 views

CVE-2005-1713

Multiple cross-site scripting XSS vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the 1 templatedropdown and 2 shoutbox plugins...

4.3CVSS6AI score0.00346EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:46 p.m.•6 views

CVE-2005-1715

Cross-site scripting XSS vulnerability in index.php for TOPo 2.2 2.2.178 allows remote attackers to inject arbitrary web script or HTML via the 1 m, 2 s, 3 ID, or 4 t parameters, or the 5 field name, 6 Your Web field, or 7 email field in the comments section...

4.3CVSS6AI score0.00674EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:46 p.m.•1 views

CVE-2005-1085

Cross-site scripting XSS vulnerability in the control panel in aeDating 3.2 allows remote attackers to inject arbitrary web script or HTML...

4.3CVSS6.1AI score0.00297EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:22 p.m.•3 views

CVE-2018-14864

Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web script via a crafted attachment...

6.5CVSS6.5AI score0.00134EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:11 p.m.•5 views

CVE-2018-18672

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board head contents" parameter, aka the adm/boardformupdate.php bocontenthead parameter...

6.1CVSS6AI score0.00363EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:10 p.m.•8 views

CVE-2018-18675

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board title contents" parameter, aka the adm/boardformupdate.php bomobilesubject parameter...

6.1CVSS6AI score0.00363EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:54 a.m.•6 views

CVE-2009-4602

Cross-site scripting XSS vulnerability in the Randomizer module 5.x through 5.x-1.0 and 6.x through 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.00246EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:54 a.m.•4 views

CVE-2009-4161

Cross-site scripting XSS vulnerability in the AN Search it! ansearchit extension 2.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.00263EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:53 a.m.•6 views

CVE-2009-4400

Cross-site scripting XSS vulnerability in the Parish Administration Database steparishadmin extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.00263EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:53 a.m.•8 views

CVE-2009-4497

Cross-site scripting XSS vulnerability in LXR Cross Referencer 0.9.5 and 0.9.6 allows remote attackers to inject arbitrary web script or HTML via the i parameter to the ident program...

4.3CVSS5.8AI score0.00192EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:51 a.m.•6 views

CVE-2009-4910

Cross-site scripting XSS vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances ASA 5580 series devices with software before 8.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCsq78418...

4.3CVSS6AI score0.00296EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:50 a.m.•4 views

CVE-2009-4717

Multiple cross-site scripting XSS vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the 1 host parameter to stat/host.php, nodayshow parameter to 2 mostvisitpage.php and 3 visitorduration.php in stat/, 4 nopagesmost parameter to...

4.3CVSS6AI score0.00175EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:49 a.m.•6 views

CVE-2009-4999

Cross-site scripting XSS vulnerability in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 3.5.1 before 3.5.1-016 allows remote attackers to inject arbitrary web script or HTML via the Name field...

4.3CVSS5.8AI score0.00202EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by