CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1341 matches found

RedhatCVE•added 2025/05/23 8:6 a.m.•9 views

CVE-2024-45429

Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the...

6.1CVSS6.6AI score0.00538EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 7:49 a.m.•7 views

CVE-2024-20539

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input...

4.8CVSS6.3AI score0.00169EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 7:46 a.m.•6 views

CVE-2024-28034

Cross-site scripting vulnerability exists in Mini Thread Version 3.33βi. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop using Mini Thread Version 3.33βi...

5.4CVSS6.6AI score0.00176EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 5:41 a.m.•2 views

CVE-2023-0446

The My YouTube Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.0.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5CVSS4AI score0.00303EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 3:37 a.m.•7 views

CVE-2023-28651

Cross-site scripting vulnerability exists in CONPROSYS HMI System CHS versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is...

4.8CVSS6.5AI score0.03589EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:0 p.m.•4 views

CVE-2022-33151

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors...

6.1CVSS6.7AI score0.00189EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:41 p.m.•4 views

CVE-2022-28715

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors...

6.1CVSS6.6AI score0.00189EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 7:8 p.m.•8 views

CVE-2021-20771

Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors...

6.1CVSS6.6AI score0.00347EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 7:7 p.m.•5 views

CVE-2021-20685

Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary script via unspecified vectors...

6.1CVSS6.7AI score0.00205EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 6:17 p.m.•5 views

CVE-2021-20689

Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbitrary script via unspecified vectors...

6.1CVSS6.7AI score0.00205EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 3:39 p.m.•4 views

CVE-2020-5625

Cross-site scripting vulnerability in XooNIps 3.48 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors...

6.1CVSS6.7AI score0.00435EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 3:39 p.m.•6 views

CVE-2020-5586

Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors...

4.8CVSS6.5AI score0.00352EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 12:50 p.m.•4 views

CVE-2018-1999021

Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting XSS vulnerability in Profile page that can result in Inject arbitrary web script or HTML via the profile page editor. This attack appear to be exploitable via The victim must navigate to the attacker's profile page...

5.4CVSS5.7AI score0.00206EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 5:42 a.m.•1 views

CVE-2010-4405

Cross-site scripting XSS vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.00285EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 5:21 a.m.•3 views

CVE-2019-5940

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'...

6.1CVSS6.4AI score0.0026EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:21 a.m.•4 views

CVE-2012-2065

Cross-site scripting XSS vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.6AI score0.00335EPSS

Exploits0References1

RedhatCVE•added 2025/05/21 9:18 p.m.•5 views

CVE-2006-5195

Multiple cross-site scripting XSS vulnerabilities in Wheatblog 1.0 and 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information...

6.8CVSS5.8AI score0.00867EPSS

Exploits0References1

RedhatCVE•added 2025/05/21 9:1 p.m.•8 views

CVE-2005-2326

Cross-site scripting XSS vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the yr parameter to calendar.php...

4.3CVSS5.9AI score0.00337EPSS

Exploits1References1

Cvelist•added 2025/05/14 12:0 a.m.•10 views

CVE-2025-29688

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java...

0.00181EPSS

Exploits1References1

Vulnrichment•added 2025/05/14 12:0 a.m.•6 views

CVE-2025-29686

5.6AI score0.00181EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by