CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5210 matches found

Cvelist•added 2024/04/17 12:0 a.m.•16 views

CVE-2024-30952

A stored cross-site scripting XSS vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action...

5.5AI score0.00327EPSS

Exploits0References1

Vulnrichment•added 2024/04/17 12:0 a.m.•11 views

CVE-2024-32339

Multiple cross-site scripting XSS vulnerabilities in the HOW TO page of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into any of the parameters...

6.1AI score0.00404EPSS

Exploits1References1

Vulnrichment•added 2024/04/17 12:0 a.m.•12 views

CVE-2024-32343

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter...

5.8AI score0.00413EPSS

Exploits1References1

Cvelist•added 2024/04/17 12:0 a.m.•13 views

CVE-2024-32745

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module...

5.7AI score0.00316EPSS

Exploits1References1

Cvelist•added 2024/04/17 12:0 a.m.•12 views

CVE-2024-32337

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ADMIN LOGIN URL parameter under the Security module...

5.7AI score0.00426EPSS

Exploits1References1

Cvelist•added 2024/04/17 12:0 a.m.•15 views

CVE-2024-32342

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter...

5.7AI score0.00435EPSS

Exploits1References1

WPVulnDB•added 2024/04/17 12:0 a.m.•15 views

HT Mega < 2.4.7 - Contributor+ Stored XSS via Lightbox Widget

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox widget due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject...

6.4CVSS5.7AI score0.0032EPSS

Exploits0References1Affected Software1

CVE•added 2024/04/17 12:0 a.m.•57 views

CVE-2024-32343

Boid CMS v2.1.0 has an XSS vulnerability in the Create Page, exploitable by injecting a crafted payload into the Content parameter. The issue is documented across multiple sources with no explicit exploitation details provided and a CVSS v3.1 base score of 6.1 (MEDIUM), requiring user interaction...

6.1CVSS5.8AI score0.00413EPSS

Exploits1References1Affected Software1

WPVulnDB•added 2024/04/17 12:0 a.m.•11 views

Short URL <= 1.6.8 - Reflected Cross-Site Scripting

Description The Short URL plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.3AI score0.00351EPSS

Exploits0References1

WPVulnDB•added 2024/04/17 12:0 a.m.•21 views

EZ Form Calculator <= 2.14.0.3 - Reflected Cross-Site Scripting

Description The EZ Form Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.14.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.1CVSS6.3AI score0.00351EPSS

Exploits0References1

Vulnrichment•added 2024/04/17 12:0 a.m.•13 views

CVE-2024-32744

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module...

5.8AI score0.00399EPSS

Exploits1References1

CVE•added 2024/04/17 12:0 a.m.•55 views

CVE-2024-32746

CVE-2024-32746 describes an XSS vulnerability in WonderCMS v3.4.3 within the Settings section, exploitable via a crafted payload injected into the MENU parameter under the Menu module. Affected software is WonderCMS 3.4.3; impact is arbitrary script/HTML execution in the user’s browser. Core deta...

4.6CVSS5.8AI score0.00454EPSS

Exploits1References1Affected Software1

Cvelist•added 2024/04/17 12:0 a.m.•16 views

CVE-2024-32340

5.7AI score0.00711EPSS

Exploits1References1

Cvelist•added 2024/04/17 12:0 a.m.•15 views

CVE-2024-32344

A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section...

5.7AI score0.00528EPSS

Exploits1References1

CVE•added 2024/04/17 12:0 a.m.•48 views

CVE-2024-32745

CVE-2024-32745 is an XSS vulnerability in WonderCMS v3.4.3. The issue stems from lack of proper filtering/escaping in the PAGE DESCRIPTION parameter of the CURRENT PAGE module under Settings, allowing an attacker to inject arbitrary web scripts or HTML. Public references consistently describe the...

5.9CVSS5.8AI score0.00316EPSS

Exploits1References1Affected Software1

CVE•added 2024/04/17 12:0 a.m.•59 views

CVE-2024-32345

CMSimple v5.15 is affected by a cross-site scripting (XSS) vulnerability in the Settings menu, specifically via the Configuration parameter under Language. The underlying issue is insufficient filtering/escaping of user-supplied data in that parameter, enabling attackers to inject arbitrary web s...

7.2CVSS5.8AI score0.00456EPSS

Exploits1References1Affected Software1

CVE•added 2024/04/17 12:0 a.m.•57 views

CVE-2024-32342

Boid CMS v2.1.0 is affected by an XSS in the Create Page, exploitable via a crafted payload to the Permalink parameter. The vulnerability arises from improper handling of input in the Create Page flow, allowing attackers to execute arbitrary scripts/HTML in the context of users viewing the affect...

6.1CVSS5.8AI score0.00435EPSS

Exploits1References1Affected Software1

CVE•added 2024/04/17 12:0 a.m.•52 views

CVE-2024-32344

CMSimple v5.15 is affected by an XSS in the Settings menu, via crafted input in the Language section Edit parameter. The vulnerability arises from insufficient filtering/escaping of user-supplied data in that parameter, enabling arbitrary script/HTML execution. In-the-wild details are not provide...

6.8CVSS5.8AI score0.00528EPSS

Exploits1References1Affected Software1

CVE•added 2024/04/17 12:0 a.m.•63 views

CVE-2024-32341

CVE-2024-32341 affects WonderCMS v3.4.3, specifically the Home page. The vulnerability is described as multiple XSS flaws that allow an attacker to inject arbitrary web scripts or HTML via crafted payloads into parameters, as noted across multiple sources. Some connected documents describe the im...

5.4CVSS6AI score0.00386EPSS

Exploits1References1Affected Software1

CVE•added 2024/04/17 12:0 a.m.•50 views

CVE-2024-32339

WonderCMS v3.4.3 has multiple XSS vulnerabilities on the HOW TO page. The flaws arise from insufficient input filtering/escaping on the HOW TO page, allowing an attacker to inject arbitrary web scripts/HTML via crafted payloads into parameters. Per sources, this can lead to theft of cookie-based ...

6.1CVSS6AI score0.00404EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by