
43 matches found

NVD
added 2026/06/08 2:16 a.m., 11 views

CVE-2021-47983

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settingscurrencycode parameter. Attackers can submit POST requests to /wp-admin/options.php with script...

CVSS 6.4, EPSS 0.00187
Exploits: 0, References: 3

Vulnrichment
added 2026/06/08 1:55 a.m., 8 views

CVE-2021-47983 WordPress Plugin Stripe Payments 2.0.39 Stored XSS via currency_code

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settingscurrencycode parameter. Attackers can submit POST requests to /wp-admin/options.php with script...

CVSS 6.4, AI score 5.6, EPSS 0.00187
Exploits: 0, References: 3

NVD
added 2026/05/13 1:16 p.m., 7 views

CVE-2026-42948

A stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators inputs malicious data, an arbitrary script may be executed in another administrative user's web browser...

CVSS 4.8, EPSS 0.00161
Exploits: 0, References: 2

Vulnrichment
added 2026/05/13 12:02 p.m., 7 views

CVE-2026-42948

A stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators inputs malicious data, an arbitrary script may be executed in another administrative user's web browser...

CVSS 4.8, AI score 5.7, EPSS 0.00161
Exploits: 0, References: 2

Exploit DB
added 2026/04/29 12:00 a.m., 75 views

FacturaScripts 2025.43 - XSS

Exploit Title: FacturaScripts 2025.43 - XSS
Date: 30-12-2025
Exploit Author: VETTRIVEL U
Author Profile: https://www.linkedin.com/in/vettrivel2006
Vendor Homepage: https://facturascripts.com/
Software Link: https://github.com/NeoRazorX/facturascripts
Affected Versions: = 2025.4, = 2025.11, =...

CVSS 5.4, AI score 5.2, EPSS 0.00981
Exploits: 2

EUVD
added 2026/03/30 12:31 a.m., 5 views

EUVD-2026-17046

A non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be executed on the administrator's browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well...

CVSS 8.8, AI score 6.6, EPSS 0.00392
Exploits: 0, References: 7

ATTACKERKB
added 2026/02/19 12:02 p.m., 5 views

CVE-2019-25425

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUSADMIN parameter. Attackers can send POST requests to the smtpconfig endpoint with script payloads to execute arbitrary...

CVSS 6.1, AI score 5.6, EPSS 0.00344
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2026/02/19 12:02 p.m., 24 views

CVE-2019-25411 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via DHCP

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAYGREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with script payloads to execute arbitrary JavaScript...

CVSS 6.1, EPSS 0.00344
Exploits: 1, References: 4

Vulnrichment
added 2026/02/18 8:59 p.m., 3 views

CVE-2019-25398 IPFire 2.21 Core Update 127 Cross-Site Scripting via ovpnmain.cgi

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloads in parameters like VPNIP, DMTU, ccdname,...

CVSS 6.1, AI score 5.6, EPSS 0.00242
Exploits: 1, References: 4

RedhatCVE
added 2026/02/05 7:26 a.m., 3 views

CVE-2026-23704

A non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be executed on the administrator's browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well...

CVSS 6.5, AI score 6.6, EPSS 0.00202
Exploits: 0, References: 1

EUVD
added 2026/02/04 7:03 a.m., 4 views

EUVD-2026-5489

A non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be executed on the administrator's browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well...

CVSS 6.5, AI score 5.5, EPSS 0.00202
Exploits: 0, References: 3

ATTACKERKB
added 2026/02/04 7:03 a.m., 6 views

CVE-2026-23704

A non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be executed on the administrator's browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL), are affected by the vulnerability as well...

CVSS 6.5, AI score 6.7, EPSS 0.00202
Exploits: 0, References: 4, Affected Software: 2

Positive Technologies
added 2026/02/04 12:00 a.m., 5 views

PT-2026-6182

Name of the Vulnerable Software and Affected Versions: Movable Type versions 7.x and 8.4.x
Description: A non-administrative user can upload malicious files. When an administrator or the product accesses these files, an arbitrary script may be executed on the administrator's browser.
Recommendation...

CVSS 6.5, AI score 5.6, EPSS 0.00202
Exploits: 0, References: 5

CVE
added 2026/02/03 6:10 p.m., 16 views

CVE-2026-25522

Craft Commerce (for Craft CMS) has a stored XSS in the Shipping Zone (Name & Description) fields, affecting versions 4.0.0-RC1–4.10.0 and 5.0.0–5.5.1. The root cause is improper sanitization when rendering these fields in the admin panel, enabling attacker-controlled JavaScript execution in an ad...

CVSS 6.1, AI score 5.4, EPSS 0.00261
Exploits: 1, References: 4, Affected Software: 1

Snyk
added 2026/01/27 7:47 p.m., 2 views

Cross-site Scripting (XSS)

Overview: froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the customer registration input fields. An attacker can execute arbitrary scripts in the context of an administrator's browser by injecting malicious...

CVSS 6.4, AI score 6, EPSS 0.00305
Exploits: 0, References: 2

NVD
added 2026/01/20 9:16 p.m., 5 views

CVE-2026-21642

HackerOne community member Patrick Lang 7yr has reported a reflected XSS vulnerability in the banner-acl.php and channel-acl.php scripts of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is...

CVSS 6.1, EPSS 0.00163
Exploits: 0, References: 1

ATTACKERKB
added 2026/01/09 4:19 p.m., 6 views

CVE-2026-22198

GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting (XSS) vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value (for example, to /api/v1/ticket.php), an unauthenticated attacker can cause...

CVSS 6.1, AI score 5.6, EPSS 0.00258
Exploits: 0, References: 3

CNNVD
added 2026/01/05 12:00 a.m., 3 views

Coolify Security Vulnerability

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in Coolify v4.0.0-beta.420.6 and prior versions, which stems from the presence of stored cross-site scripting in the project creation process that could lead to t...

CVSS 9.4, AI score 6.5, EPSS 0.00474
Exploits: 1, References: 2

CNVD
added 2025/12/25 12:00 a.m., 2 views

Kentico Xperience Cross-Site Scripting Vulnerability (CNVD-2026-05120)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious script in an administrator user's browser...

CVSS 6.1, AI score 5.9, EPSS 0.00155
Exploits: 0, References: 1

Snyk
added 2025/07/31 6:32 p.m., 3 views

Cross-site Scripting (XSS)

Overview: microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). An attacker can execute arbitrary JavaScript code in the context of an administrator's browser by injecting malicious scripts into user profil...

CVSS 7.6, AI score 5.6, EPSS 0.00448
Exploits: 0, References: 2