
22 matches found

Cvelist
added 2025/11/07 12:0 a.m., 5 views

CVE-2025-63638

Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Task Title" and "Description Optional" fields when creating a Task, allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in the victim's browser upon clicki...

0.00041 EPSS
Exploits 1, References 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-5548

Malware in sbrugna...

6.1 CVSS, 6.3 AI score, 0.00301 EPSS
Exploits 1, References 4
Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-16907

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. CVE-2017-16907 Note that Nessus relies on the presence of t...

5.4 CVSS, 5.5 AI score, 0.00227 EPSS
Exploits 1, References 2
OSV
added 2025/08/12 3:57 p.m., 3 views

CVE-2025-55011 Kanboard Path Traversal in File Write via Task File Upload Api

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the taskid parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file...

6.4 CVSS, 6.6 AI score, 0.00117 EPSS
Exploits 1, References 5
OSV
added 2024/11/20 12:15 p.m., 0 views

CVE-2024-10520

The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'CreateMilestone', 'CreateTaskList', 'CreateTask', and 'DeleteTask' classes in version 2.6.14. This makes it possible for unauthenticated...

5.3 CVSS, 7.3 AI score, 0.00296 EPSS
Exploits 0, References 2
CNNVD
added 2024/11/20 12:0 a.m., 2 views

WordPress plugin WP Project Manager Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.3 CVSS, 8.1 AI score, 0.00296 EPSS
Exploits 0, References 2
Veracode
added 2020/12/06 3:37 a.m., 20 views

Cross-Site Scripting (XSS)

php-horde is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the Color field in a Create Task List action...

5.4 CVSS, 4.5 AI score, 0.00227 EPSS
Exploits 1, References 5, Affected Software 1
Tenable Nessus
added 2020/08/31 12:0 a.m., 29 views

Debian DLA-2348-1 : php-horde-core security update

In Horde Groupware, there has been an XSS vulnerability in two components via the Color field in a Create Task List action. For Debian 9 stretch, this problem has been fixed in version 2.27.6+debian1-2+deb9u1. We recommend that you upgrade your php-horde-core packages. For the detailed security...

5.4 CVSS, 5.4 AI score, 0.00227 EPSS
Exploits 1, References 4
OSV
added 2019/07/28 2:15 p.m., 11 views

CVE-2019-14329

An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code...

6.1 CVSS, 5.8 AI score
Exploits 0, References 3
NVD
added 2019/07/28 2:15 p.m., 12 views

CVE-2019-14329

An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code...

6.1 CVSS, 5.9 AI score, 0.00301 EPSS
Exploits 1, References 3
Prion
added 2019/07/28 2:15 p.m., 13 views

Cross site scripting

An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code...

4.3 CVSS, 5.8 AI score, 0.00301 EPSS
Exploits 1, References 3, Affected Software 1
Cvelist
added 2019/07/28 1:46 p.m., 13 views

CVE-2019-14329

An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code...

5.9 AI score, 0.00301 EPSS
Exploits 1, References 3
CNVD
added 2017/11/21 12:0 a.m., 2 views

Horde Groupware Cross-Site Scripting Vulnerability (CNVD-2017-37743)

Horde Groupware is a free, enterprise-grade, browser-based collaboration suite. A cross-site scripting vulnerability exists in Horde Groupware 5.2.19. A cross-site scripting attack can be performed via the Color field in the "Create Task List" action, which can lead to remote code execution...

5.4 CVSS, 7.3 AI score, 0.00227 EPSS
Exploits 1, References 1
Prion
added 2017/11/20 8:29 p.m., 12 views

Cross site scripting

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...

3.5 CVSS, 5.1 AI score, 0.00227 EPSS
Exploits 1, References 4, Affected Software 1
UbuntuCve
added 2017/11/20 8:29 p.m., 23 views

CVE-2017-16907

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...

5.4 CVSS, 6.1 AI score, 0.00227 EPSS
Exploits 1, References 3
OSV
added 2017/11/20 8:29 p.m., 0 views

UBUNTU-CVE-2017-16907

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...

5.4 CVSS, 6 AI score, 0.00227 EPSS
Exploits 1, References 4
NVD
added 2017/11/20 8:29 p.m., 13 views

CVE-2017-16907

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...

5.4 CVSS, 5.2 AI score, 0.00227 EPSS
Exploits 1, References 4
OSV
added 2017/11/20 8:29 p.m., 14 views

CVE-2017-16907

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...

5.4 CVSS, 5.6 AI score
Exploits 0, References 4
OSV
added 2017/11/20 8:29 p.m., 1 views

DEBIAN-CVE-2017-16907

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...

5.4 CVSS, 5.1 AI score, 0.00227 EPSS
Exploits 1, References 1
Debian CVE
added 2017/11/20 8:0 p.m., 18 views

CVE-2017-16907

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...

5.4 CVSS, 5.2 AI score, 0.00227 EPSS
Exploits 1