CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

Cvelist•added 2025/10/24 5:17 a.m.•4 views

CVE-2025-61931

Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...

5.4CVSS0.00026EPSS

Exploits0References2

EUVD•added 2025/10/24 5:17 a.m.•3 views

EUVD-2025-35798

Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...

5.4CVSS5.3AI score0.00026EPSS

Exploits0References3

Positive Technologies•added 2025/10/24 12:0 a.m.•2 views

PT-2025-43580

Name of the Vulnerable Software and Affected Versions Pleasanter affected versions not specified Description Pleasanter contains a stored cross-site scripting issue in the Body, Description, and Comments fields. This allows an attacker to execute an arbitrary script within the web browser of a...

5.4CVSS6AI score0.00026EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-11578

Malware in sbrugna...

6.1CVSS6.3AI score0.0024EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-13317

Malware in sbrugna...

5.4CVSS5.5AI score0.00206EPSS

Exploits1References2

Snyk•added 2025/09/10 6:30 p.m.•3 views

Cross-site Scripting (XSS)

Overview decap-cms is an An extensible, open source, Git-based, React CMS for static sites. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper sanitization of input fields such as body, tags, title, and description in the content preview pane. An attacker...

6.1CVSS5.4AI score0.0002EPSS

Exploits2References2

Snyk•added 2025/03/30 11:41 p.m.•3 views

Cross-site Scripting (XSS)

Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the manipulation of the Title/Body source fields. An attacker can inject malicious scripts by crafting malicious input to these fields. Details...

5.1CVSS5.4AI score

Exploits0References2

Positive Technologies•added 2024/04/30 12:0 a.m.•2 views

PT-2024-25502 · Yapi · Yapi

Name of the Vulnerable Software and Affected Versions: yapi version 1.10.2 Description: A stored cross-site scripting XSS vulnerability in the Advanced Expectation - Response module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the body field...

7.4CVSS5.3AI score0.00207EPSS

Exploits0References5

Cvelist•added 2019/02/11 2:0 a.m.•18 views

CVE-2018-20774

Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field...

5.3AI score0.00206EPSS

Exploits1References1

OSV•added 2019/01/09 5:29 p.m.•2 views

CVE-2018-20680

Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field...

4.8CVSS5.8AI score

Exploits0References1

Cvelist•added 2019/01/09 5:0 p.m.•18 views

CVE-2018-20680

Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field...

5AI score0.00219EPSS

Exploits1References1

CVE•added 2018/12/31 3:0 p.m.•37 views

CVE-2018-19904

CVE-2018-19904 corresponds to a Persistent XSS in XSLT CMS, exploitable via the create/?action=items.edit&type=Page endpoint in the body field. The vulnerability is documented across multiple sources (NVD entry and related advisories) and is described as XSS affecting the body field, with PoC ind...

6.1CVSS5.9AI score0.0024EPSS

Exploits1References1Affected Software1