CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1492 matches found

CNNVD•added 2024/09/10 12:0 a.m.•4 views

moziloCMS 安全漏洞

moziloCMS is a content management system CMS in the moziloCMS open source. A security vulnerability exists in moziloCMS version 3.0, which stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability that could allow an attacker to execute arbitrary code in the context of a user...

6.1CVSS6.1AI score0.00419EPSS

Exploits1References3

CNNVD•added 2024/08/29 12:0 a.m.•2 views

B&R Industrial Automation APROL 跨站脚本漏洞

B&R Industrial Automation APROL is a production process management system from B&R Industrial Automation, Austria. A cross-site scripting vulnerability exists in B&R Industrial Automation APROL R version 4.4-00P3 and prior versions, which stems from a cross-site scripting vulnerability contained ...

6.1CVSS6.5AI score0.00239EPSS

Exploits0References2

Github Security Blog•added 2024/08/23 9:30 p.m.•25 views

Automad Cross-site Scripting vulnerability

A persistent stored cross-site scripting XSS vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...

4.8CVSS5.5AI score0.00769EPSS

Exploits2References4Affected Software1

NVD•added 2024/08/23 5:15 p.m.•14 views

CVE-2024-41844

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS0.00296EPSS

Exploits0References1

Vulnrichment•added 2024/08/23 4:53 p.m.•12 views

CVE-2024-41844 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

5.4CVSS5.3AI score0.00296EPSS

Exploits0References1

Cvelist•added 2024/08/23 12:0 a.m.•17 views

CVE-2024-40111

0.00769EPSS

Exploits2References2

CVE•added 2024/08/23 12:0 a.m.•69 views

CVE-2024-40111

CVE-2024-40111 describes a stored XSS in Automad 2.0.0-alpha.4. The vulnerability lets an attacker inject JavaScript into the template body which is saved by the flat-file CMS and executed in the browser of any user visiting the page (e.g., forum). Practical impact stated across sources includes ...

4.8CVSS5.3AI score0.00769EPSS

Exploits2References2Affected Software1

Vulnrichment•added 2024/08/23 12:0 a.m.•16 views

CVE-2024-40111

5.5AI score0.00769EPSS

Exploits2References2

CNNVD•added 2024/08/16 12:0 a.m.•1 views

ZZCMS 安全漏洞

ZZCMS is a content management system CMS by the ZZCMS team in China. A security vulnerability exists in ZZCMS version v2023, which stems from vulnerability to reflective cross-site scripting attacks, where an attacker can execute arbitrary code in a user's browser environment by injecting a...

4.7CVSS6.7AI score0.00323EPSS

Exploits0References3

CNNVD•added 2024/08/14 12:0 a.m.•2 views

Adobe Commerce 跨站脚本漏洞

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. A cross-site scripting vulnerability exists in Adobe Commerce that can be exploited by an attacker to execute malicious JavaScript in a browser...

7.6CVSS6.2AI score0.0049EPSS

Exploits0References3

CNNVD•added 2024/08/05 12:0 a.m.•4 views

mailcow 安全漏洞

mailcow is a mail server suite from mailcow open source. A security vulnerability exists in versions prior to mailcow 2024-07 that stems from the ability of an unauthenticated attacker to inject a JavaScript payload into API logs, which could allow an attacker to run malicious scripts in the...

7.6CVSS6.4AI score0.00332EPSS

Exploits0References3

OSV•added 2024/07/25 8:15 a.m.•3 views

CVE-2024-41705

A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the...

5.4CVSS5.9AI score

Exploits0References2

OSV•added 2024/07/25 8:15 a.m.•6 views

CVE-2024-41706

A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers...

5.4CVSS5.9AI score0.00308EPSS

Exploits0References2

CVE•added 2024/07/08 7:29 a.m.•298 views

CVE-2024-37389

The CVE-2024-37389 entry affects Apache NiFi versions 1.10.0–1.26.0 and 2.0.0-M1–2.0.0-M3, where the Parameter Context description field is vulnerable to cross-site scripting. An authenticated user with Parameter Context configuration rights can input arbitrary JavaScript code that the browser ex...

5.4CVSS4.8AI score0.24031EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2024/06/27 6:46 p.m.•14 views

CVE-2024-5933 Cross-site Scripting (XSS) in parisneo/lollms-webui

A Cross-site Scripting XSS vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser...

6.1CVSS6AI score0.00351EPSS

Exploits1References1

NVD•added 2024/06/13 8:16 a.m.•27 views

CVE-2024-36232

5.4CVSS0.00313EPSS

Exploits0References1

NVD•added 2024/06/13 8:16 a.m.•28 views

CVE-2024-36221

5.4CVSS0.00313EPSS

Exploits0References1

NVD•added 2024/06/13 8:16 a.m.•24 views

CVE-2024-36215