Lucene search

5210 matches found

Cvelist
added 2024/03/06 12:0 a.m., 17 views

CVE-2023-49983

A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...

AI score 5.7, EPSS 0.00574
Exploits: 1, References: 2

Cvelist
added 2024/03/05 1:55 a.m., 28 views

CVE-2024-1782 Blue Triad EZAnalytics <= 1.0 - Reflected Cross-Site Scripting via 'bt_webid'

The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'bt_webid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

CVSS 6.1, AI score 6.1, EPSS 0.00374
Exploits: 0, References: 2

Vulnrichment
added 2024/03/02 11:15 a.m., 12 views

CVE-2024-0611 Master Slider – Responsive Touch Slider <= 3.9.9 - Authenticated(Editor+) Stored Cross-Site Scripting via slider callback

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web...

CVSS 4.4, AI score 6.7, EPSS 0.00656
Exploits: 1, References: 3

Cvelist
added 2024/03/02 11:15 a.m., 24 views

CVE-2024-0611 Master Slider – Responsive Touch Slider <= 3.9.9 - Authenticated(Editor+) Stored Cross-Site Scripting via slider callback

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web...

CVSS 4.4, AI score 4.5, EPSS 0.00656
Exploits: 1, References: 3

Cvelist
added 2024/03/02 9:37 a.m., 31 views

CVE-2024-0378 AI Engine <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting

The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI chat data when discussion tracking is enabled in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This...

CVSS 6.5, AI score 6, EPSS 0.0061
Exploits: 0, References: 2

NVD
added 2024/03/01 11:15 p.m., 8 views

CVE-2024-25434

A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter...

CVSS 5.4, AI score 5.6, EPSS 0.00406
Exploits: 1, References: 2

Prion
added 2024/03/01 11:15 p.m., 15 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...

AI score 6.1, EPSS 0.00443
Exploits: 2, References: 2

NVD
added 2024/03/01 10:15 p.m., 6 views

CVE-2023-49539

Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/category. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the category parameter...

CVSS 6.1, AI score 5.9, EPSS 0.00577
Exploits: 1, References: 4

NVD
added 2024/03/01 10:15 p.m., 9 views

CVE-2023-49540

Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/history. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the history parameter...

CVSS 6.1, AI score 5.9, EPSS 0.00577
Exploits: 1, References: 4

Vulnrichment
added 2024/03/01 12:0 a.m., 10 views

CVE-2024-25438

A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...

AI score 5.8, EPSS 0.00443
Exploits: 1, References: 2

WPVulnDB
added 2024/03/01 12:0 a.m., 13 views

Master Slider <= 3.9.9 - Editor+ Stored XSS via slider callback

Description: The plugin is vulnerable to Stored Cross-Site Scripting via the slides callback functionality. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only...

CVSS 4.8, AI score 4.7, EPSS 0.00656
Exploits: 1, References: 1

Vulnrichment
added 2024/03/01 12:0 a.m., 11 views

CVE-2023-49539

Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/category. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the category parameter...

AI score 6.1, EPSS 0.00577
Exploits: 1, References: 4

Vulnrichment
added 2024/03/01 12:0 a.m., 14 views

CVE-2024-25434

A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter...

AI score 5.8, EPSS 0.00406
Exploits: 1, References: 2

Cvelist
added 2024/03/01 12:0 a.m., 13 views

CVE-2024-25434

A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter...

AI score 5.7, EPSS 0.00406
Exploits: 1, References: 2

CVE
added 2024/03/01 12:0 a.m., 67 views

CVE-2024-25438

CVE-2024-25438 describes a cross-site scripting (XSS) vulnerability in the Submission module of PKP Open Journal Systems (PKP OJS) version 3.3. The issue allows an attacker to inject arbitrary web scripts or HTML via a crafted payload in the Input subject field under the Add Discussion function. ...

CVSS 6.1, AI score 5.7, EPSS 0.00443
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2024/03/01 12:0 a.m., 87 views

CVE-2023-49540

CVE-2023-49540 affects Book Store Management System v1.0. A cross-site scripting (XSS) flaw is in the /bsms_ci/index.php/history endpoint, exploitable by injecting a payload into the history parameter to run arbitrary scripts/HTML. Reported by multiple sources, the CVSSv3.1 base score is 6.1 (Med...

CVSS 6.1, AI score 6, EPSS 0.00577
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2024/03/01 12:0 a.m., 18 views

CVE-2024-25438

A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...

AI score 5.7, EPSS 0.00443
Exploits: 1, References: 2

NVD
added 2024/02/29 7:15 a.m., 7 views

CVE-2024-25292

Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Upload Title parameter...

CVSS 9.6, AI score 5.8, EPSS 0.01485
Exploits: 2, References: 1

Prion
added 2024/02/29 6:15 a.m., 21 views

Cross site scripting

The Restaurant Solutions – Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inje...

CVSS 3.2, AI score 4.4, EPSS 0.0042
Exploits: 1, References: 2

Vulnrichment
added 2024/02/29 5:32 a.m., 9 views

CVE-2024-1977

The Restaurant Solutions – Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inje...

CVSS 4.4, AI score 4.4, EPSS 0.0042
Exploits: 1, References: 2