Lucene search
K

1042949 matches found

CVE
CVE
added 3 hours ago5 views

CVE-2026-10551

The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored XSS due to a predictable replacement hash used during HTML minification and an abused regular expression, enabling an attacker to inject arbitrary HTML attributes in the final HTML output by predicting the plac...

6.2AI score
Exploits0References1
Nuclei
Nuclei
added yesterday20 views

IceWarp Server 10.2.1 - Cross-Site Scripting

IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting XSS via the meta parameter. id: CVE-2024-55218 info: name: IceWarp Server 10.2.1 - Cross-Site Scripting author: s4e-io severity: medium description: | IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting XSS via the meta parameter...

6.1CVSS6.1AI score0.00685EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday59 views

Citrix Gateway and Citrix ADC - Cross-Site Scripting

Citrix ADC and Citrix Gateway versions before 13.1 and 13.1-45.61, 13.0 and 13.0-90.11, 12.1 and 12.1-65.35 contain a cross-site scripting vulnerability due to improper input validation. id: CVE-2023-24488 info: name: Citrix Gateway and Citrix ADC - Cross-Site Scripting author: johnk3r,DhiyaneshD...

6.1CVSS6.6AI score0.80907EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday128 views

Citrix StoreFront - Cross-Site Scripting

Reflected Cross-Site Scripting issue which is exploitable without authentication. This vulnerability was exploitable through coercing an error message during an XML parsing procedure in the SSO flow. id: CVE-2023-5914 info: name: Citrix StoreFront - Cross-Site Scripting author: DhiyaneshDK...

7.2CVSS6.6AI score0.73142EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday55 views

Sidekiq < 7.0.8 - Cross-Site Scripting

An XSS vulnerability on a Sidekiq admin panel can pose serious risks to the security and functionality of the system. id: CVE-2023-1892 info: name: Sidekiq 7.0.8 - Cross-Site Scripting author: ritikchaddha,princechaddha severity: critical description: | An XSS vulnerability on a Sidekiq admin pan...

9.6CVSS7AI score0.02742EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday83 views

Seo By 10Web < 1.2.7 - Cross-Site Scripting

The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. id:...

4.8CVSS6.6AI score0.00909EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday33 views

Aajoda Testimonials < 2.2.2 - Cross-Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. id: CVE-2023-2178 info: name: Aajoda Testimonials...

4.8CVSS6.4AI score0.00773EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday116 views

OpenCMS 14 & 15 - Cross Site Scripting

Cross-site scripting XSS vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. id: CVE-2023-6379 info: name: OpenCMS 14 & 15 - Cross Site Scripting author: msegoviag severity: medium description: | Cross-site scripting XSS vulnerability in Alkacon...

6.1CVSS6.4AI score0.01752EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday127 views

OPNsense - Cross-Site Scripting to RCE

There is a XSS in /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 via openAction in app/controllers/OPNsense/Cron/ItemController.php. id: CVE-2023-39007 info: name: OPNsense - Cross-Site Scripting to RCE author: ritikchaddha...

9.6CVSS7AI score0.02315EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday57 views

MooDating 1.2 - Cross-Site Scripting

A vulnerability classified as problematic has been found in mooSocial mooDating 1.2. This affects an unknown part of the file /pages of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. id: CVE-2023-3846 info: name: MooDatin...

6.1CVSS4.5AI score0.03648EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday70 views

PHPJabbers Availability Booking Calendar 5.0 - Cross-Site Scripting

A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument sessionid leads to cross site scripting. The attack can be launched...

6.1CVSS4.4AI score0.01766EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday60 views

OpenEMR < 7.0.1 - Cross-site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository openemr/openemr prior to 7.0.1. id: CVE-2023-2949 info: name: OpenEMR 7.0.1 - Cross-site Scripting author: ritikchaddha,princechaddha severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository openemr/openemr...

8.3CVSS6.7AI score0.01472EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday47 views

WP Helper Lite < 4.3 - Cross-Site Scripting

The WP Helper Lite WordPress plugin, in versions 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability. id: CVE-2023-0448 info: name: WP Helper Lite 4.3 - Cross-Site Scripting author: ritikchaddha severity: medium description: | T...

6.1CVSS6.4AI score0.44513EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday54 views

Webkul QloApps 1.6.0 - Cross-site Scripting

An unauthenticated Cross-Site Scripting XSS vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST emailcreate and back parameter. id: CVE-2023-36289 info: name: Webkul QloApps 1.6.0 - Cross-site Scripting author:...

6.1CVSS6.4AI score0.01169EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday46 views

Ninja Forms < 3.6.22 - Cross-Site Scripting

Ninja Forms before 3.6.22 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...

6.1CVSS6.7AI score0.00925EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday45 views

Shield Security Plugin < 20.0.6 - Cross-Site Scripting

The Shield Security WordPress plugin before 20.0.6 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'navsub' parameter in the admin dashboard, allowing authenticated users to execute arbitrary JavaScript in the context of other...

6.1CVSS6.3AI score0.01444EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday140 views

Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Scripting

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2024-3822 info: name: Base64 Encoder/Decode...

4.8CVSS6.1AI score0.00741EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday38 views

Woo Bulk Price Update <2.2.2 - Cross-Site Scripting

The Woo Bulk Price Update WordPress plugin, in versions 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the technogetproducts action, which can only be triggered by an authenticated user. id: CVE-2023-28665 info: name: Woo Bulk Price Update 2.2.2 -...

5.4CVSS6.1AI score0.00887EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday70 views

Ninja Forms < 3.6.26 - Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin id: CVE-2023-37979 info: name: Ninja Forms 3.6.26 - Cross-Site Scripting author: r3Y3r53 severity:...

7.1CVSS6.8AI score0.0601EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday56 views

mooDating 1.2 - Cross-site scripting

A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. id: CVE-2023-3849 info:...

6.1CVSS4.6AI score0.03678EPSS
Exploits4References5
Rows per page
Query Builder