CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2025/05/12 4:12 p.m.•12 views

CVE-2025-46749 Improper Neutralization of Input

An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution...

4.3CVSS0.00271EPSS

Vulnrichment•added 2025/05/12 4:12 p.m.•6 views

CVE-2025-46749 Improper Neutralization of Input

An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution...

4.3CVSS6.5AI score0.00271EPSS

CVE•added 2024/05/06 6:36 a.m.•104 views

CVE-2024-23186

Summary: CVE-2024-23186 affects Open-Xchange Open-Xchange App Suite (see connected sources). An email contains malicious display-name information that can trigger client-side script execution on specific mobile devices, enabling attackers to perform malicious API requests or extract data from use...

6.5CVSS6.7AI score0.00447EPSS

Exploits0References3Affected Software1

Cvelist•added 2024/05/06 6:36 a.m.•14 views

CVE-2024-23186

6.5CVSS6.7AI score0.00447EPSS

Exploits0References3

Prion•added 2023/12/04 11:15 p.m.•12 views

Design/Logic Flaw

The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...

4.9CVSS7.1AI score0.00004EPSS

Exploits0References1Affected Software1

CVE•added 2023/12/04 10:50 p.m.•27 views

CVE-2023-40460

CVE-2023-40460 affects the ACEManager component of ALEOS 4.16 and earlier . The vulnerability arises because ACEManager does not validate uploaded file names and types, which could allow an authenticated user to execute client-side scripts within ACEManager and alter device functionality until a ...

7.1CVSS6.3AI score0.00004EPSS

Exploits0References1Affected Software1

Cvelist•added 2023/12/04 10:50 p.m.•10 views

CVE-2023-40460 Improper input leads to DoS

7.1CVSS7.1AI score0.00004EPSS

Exploit DB•added 2019/01/09 12:0 a.m.•88 views

ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting

Exploit Title: Reflected Cross-Site Scripting on ZTE MF65 Date: 01/09/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 Version: BDHDV6MF65V1.0.0B05 Tested on: Windows 10 x64 CVE:...

6.1CVSS6.5AI score0.00957EPSS

Exploits4

seebug.org•added 2014/07/01 12:0 a.m.•12 views

Spyce 2.1.3 spyce/examples/automaton.spy Direct Request Error Message Information Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the...

seebug.org•added 2014/07/01 12:0 a.m.•10 views

Spyce 2.1.3 spyce/examples/getpost.spy Name Parameter XSS

seebug.org•added 2014/07/01 12:0 a.m.•7 views

Spyce 2.1.3 docs/examples/handlervalidate.spy x Parameter XSS

seebug.org•added 2014/07/01 12:0 a.m.•10 views

Spyce 2.1.3 docs/examples/redirect.spy Multiple Parameter XSS

Exploit DB•added 2007/02/19 12:0 a.m.•25 views

Spyce 2.1.3 - spyce/examples/automaton.spy Direct Request Error Message Information Disclosure

source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...

7.4AI score