Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : CiviCRM vulnerability (USN-8242-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8242-1 advisory. Takuya Aramaki discovered that Smarty, vendored in CiviCRM, did not properly escape JavaScript code. An attacker could possibl...
USN-8242-2 postfixadmin vulnerability
USN-8242-1 fixed a vulnerability in CiviCRM. This update provides the corresponding fix for PostfixAdmin. Original advisory details: Takuya Aramaki discovered that Smarty, vendored in CiviCRM, did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-si...
USN-8242-2: PostfixAdmin vulnerability
USN-8242-1 fixed a vulnerability in CiviCRM. This update provides the corresponding fix for PostfixAdmin. Original advisory details: Takuya Aramaki discovered that Smarty, vendored in CiviCRM, did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-si...
USN-8242-1 civicrm vulnerability
Takuya Aramaki discovered that Smarty, vendored in CiviCRM, did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-site scripting attack...
USN-8242-1: CiviCRM vulnerability
Takuya Aramaki discovered that Smarty, vendored in CiviCRM, did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-site scripting attack...
CVE-2023-25440
Stored Cross Site Scripting (XSS) vulnerability in the add contact function of CiviCRM 5.59.alpha1 allows attackers to execute arbitrary code in first/second name field...
CVE-2025-65187
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed...
Linux Distros Unpatched Vulnerability : CVE-2025-65187
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript...
EUVD-2025-200269
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed...
CVE-2025-65187
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed...
CVE-2025-65187
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed...
UBUNTU-CVE-2025-65187
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed...
CVE-2025-65187
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed...
CVE-2025-65187
CVE-2025-65187 describes a Stored XSS in CiviCRM prior to v6.7, specifically in the Accounting Batches field. An authenticated user can inject JavaScript into that field, which executes when the page is viewed. The vulnerability is documented across multiple feeds (NVD/Red Hat/Nessus/EUVD/OSV/Ubu...
CiviCRM Security Vulnerability
CiviCRM is an open source, cloud-based member relationship management CRM system developed specifically to meet the needs of nonprofit and association-based organizations. A security vulnerability exists in CiviCRM versions prior to 6.7 that stems from the Accounting Batches field being vulnerabl...
CVE-2025-65187
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed...
PT-2025-48712
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed...
CVE-2025-65187
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed...
EUVD-2013-4515
Malware in sbrugna...
EUVD-2020-23920
Malware in sbrugna...