CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3301 matches found

TP-Link Archer A20 v3 Router - Cross-site Scripting

The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting XSS due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL...

4.8CVSS7.4AI score0.00865EPSS

Exploits0References2

Nuclei•added 12 hours ago•41 views

WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting

WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php. id: CVE-2017-17059 info: name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress...

6.1CVSS6.2AI score0.03419EPSS

Exploits1References4

Nuclei•added 12 hours ago•21 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field. id: CVE-2018-19749 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting...

4.8CVSS5.9AI score0.03331EPSS

Exploits6References5

Nuclei•added 12 hours ago•25 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /admin/ssl-fields/add.php Display Name, Description & Notes field parameters. id: CVE-2018-19751 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains...

4.8CVSS5.9AI score0.03316EPSS

Exploits6References4

Nuclei•added 12 hours ago•75 views

Grafana <= 6.7.1 - Cross-Site Scripting

Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot...

5.4CVSS6.6AI score0.09619EPSS

Exploits0References5

Nuclei•added 12 hours ago•41 views

osTicket < 1.12.1 - Cross-Site Scripting

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the...

6.1CVSS6.7AI score0.11687EPSS

Exploits4References5

Nuclei•added 12 hours ago•26 views

ZZcms - Cross-Site Scripting

ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks. id: CVE-2020-20285 info: name: ZZcms -...

5.4CVSS6.1AI score0.01552EPSS

Exploits1References3

Nuclei•added 12 hours ago•15 views

123Solar 1.8.4.5 - Cross-Site Scripting

123Solar 1.8.4.5 is vulnerable to reflected cross-site scripting XSS via the date1 parameter in detailed.php. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2024-9007 info: name: 123Solar 1.8.4.5 - Cross-Site Scripting author: ritikchaddha...

5.4CVSS5.7AI score0.00931EPSS

Exploits1References2

Nuclei•added 12 hours ago•27 views

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter. id: CVE-2021-40970 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...

6.1CVSS6.6AI score0.02204EPSS

Exploits1References4

Nuclei•added 12 hours ago•36 views

EPrints 3.4.2 - Cross-Site Scripting

EPrints 3.4.2 contains a reflected cross-site scripting vulnerability in the dataset parameter to the cgi/dataset dictionary URI. id: CVE-2021-26702 info: name: EPrints 3.4.2 - Cross-Site Scripting author: ritikchaddha severity: medium description: EPrints 3.4.2 contains a reflected cross-site...

6.1CVSS6.7AI score0.02663EPSS

Exploits1References5

Nuclei•added 12 hours ago•30 views

ClinicCases 7.3.3 Cross-Site Scripting

ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. id: CVE-2021-38704 info: name:...

6.1CVSS6.3AI score0.03466EPSS

Exploits1References5

Nuclei•added 12 hours ago•37 views

FineCMS <=5.0.10 - Cross-Site Scripting

FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request. id: CVE-2017-11629 info: name: FineCMS =5.0.11 which includes a fix for this vulnerability. reference: -...

6.1CVSS6.2AI score0.01937EPSS

Exploits1References4

ATTACKERKB•added yesterday•4 views

CVE-2026-55413

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role free tier can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes...

9.4CVSS6.1AI score

Exploits0References2Affected Software1

NVD•added 2 days ago•5 views

CVE-2026-11998

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6CVSS0.00192EPSS

Exploits0References3

Cvelist•added 2 days ago•15 views

CVE-2026-11998 AngularJS XSS via SCE resource URL sanitization bypass

7.6CVSS0.00192EPSS

Exploits0References2

CVE•added 2 days ago•7 views

CVE-2026-11998

CVE-2026-11998 affects AngularJS SCE (Strict Contextual Escaping) resource URLs. The flaw stems from the URL-matching logic using regular expressions, which can yield partial matches and bypass SCE policies, allowing unsafe values as resource URLs and potentially arbitrary JavaScript execution wi...

7.6CVSS6.1AI score0.00192EPSS

Exploits0References3

CVE•added 2 days ago•6 views

CVE-2026-49220

CVE-2026-49220 affects Jellyfin up to version 10.11.8, where a vulnerability in the AuthenticateByName flow allows a non-privileged user to inject HTML/JavaScript in the Client header that executes in an Administrative user session when accessing a user’s detail from the dashboard. This is a user...

5.7CVSS6.1AI score0.00194EPSS

Exploits0References1

NVD•added 3 days ago•7 views

CVE-2026-11772

DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...

5.1CVSS0.00378EPSS

Exploits0References2

Cvelist•added 3 days ago•35 views

CVE-2026-11772 Reflected XSS in DRIMO CMS

5.1CVSS0.00378EPSS

Exploits0References2

CVE•added 3 days ago•8 views

CVE-2026-11772

DRIMO CMS is affected by a Reflected XSS in the searching functionality, triggered via the q parameter. The vulnerability allows arbitrary JavaScript execution in the victim’s browser when a crafted URL is opened. The affected software is at end-of-life and no security updates are planned. Mitiga...

5.1CVSS6.1AI score0.00378EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by