CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

RedhatCVE•added 2026/01/09 12:29 p.m.•6 views

CVE-2023-40869

Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the editmenu, copuon, and groupcategorias functions...

6.1CVSS7.3AI score0.01008EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-8176

Malware in sbrugna...

9CVSS9.1AI score0.03233EPSS

Exploits2References5

EUVD•added 2025/10/03 8:7 p.m.•10 views

EUVD-2022-32908

Malicious code in bioql PyPI...

9CVSS9AI score0.01144EPSS

Exploits0References1

Exploit DB•added 2025/07/16 12:0 a.m.•362 views

PivotX 3.0.0 RC3 - Remote Code Execution (RCE)

Exploit Title: PivotX v3.0.0 RC3 - Stored XSS to Remote Code Execution RCE Date: July 2025 Exploit Author: HayToN Vendor Homepage: https://github.com/pivotx Software Link: https://github.com/pivotx/PivotX Version: 3.0.0 RC3 Tested on: Debian 11, PHP 7.4 CVE : CVE-2025-52367 Vulnerability Type:...

5.4CVSS7.4AI score0.04316EPSS

Exploits6

RedhatCVE•added 2025/05/23 11:41 a.m.•4 views

CVE-2025-22917

A reflected cross-site scripting XSS vulnerability in Audemium ERP =0.9.0 allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user by including a malicious payload into the 'type' parameter of list.php...

5.4CVSS6AI score0.0024EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 9:58 a.m.•6 views

CVE-2024-27703

Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter...

5.4CVSS7.3AI score0.00542EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 9:29 a.m.•4 views

CVE-2024-37672

Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the idactivity parameter...

5.4CVSS7.4AI score0.00602EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 7:31 a.m.•5 views

CVE-2024-48410

Cross Site Scripting vulnerability in Camtrace v.9.16.2.1 allows a remote attacker to execute arbitrary code via the login.php...

6.1CVSS7.3AI score0.00393EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:40 p.m.•5 views

CVE-2022-28464

Apifox through 2.1.6 is vulnerable to Cross Site Scripting XSS which can lead to remote code execution...

9CVSS6.6AI score0.01144EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 5:5 p.m.•6 views

CVE-2020-20521

Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter...

6.1CVSS7.3AI score0.00565EPSS

Exploits1

Packet Storm•added 2025/04/21 12:0 a.m.•223 views

📄 WonderCMS 3.4.2 Cross Site Scripting / Code Execution

WonderCMS version 3.4.2 proof of concept cross site scripting to code execution exploit. Exploit Title: WonderCMS v3.4.2 XSS to RCE Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H:...

6.1CVSS6.3AI score0.54305EPSS

Exploits16

RedhatCVE•added 2025/02/05 2:52 p.m.•4 views

CVE-2020-15183

SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting XSS which leads to Remote Code Execution RCE from a known vulnerability. This allows remote attackers to force the administrator to edit files once the adminsitrator loads a specially crafted webpage...

8.4CVSS6.3AI score0.01747EPSS

Exploits1

OpenVAS•added 2024/12/02 12:0 a.m.•11 views

LimeSurvey < 6.5.12 XSS Vulnerability

LimeSurvey is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.1CVSS6.3AI score0.00535EPSS

Exploits0References1

Cvelist•added 2024/05/13 7:56 p.m.•18 views

CVE-2024-33433

Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page...

7.2AI score0.00633EPSS

Exploits1References1

Positive Technologies•added 2024/02/26 12:0 a.m.•2 views

PT-2024-20794 · 71Cms · 71Cms

Name of the Vulnerable Software and Affected Versions: 71CMS version 1.0.0 Description: The issue allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file. This is a Cross Site Scripting vulnerability. Recommendations: For 71CMS version...

6.1CVSS6.9AI score0.00549EPSS

Exploits0References5

Vulnrichment•added 2024/02/05 12:0 a.m.•4 views

CVE-2024-24397

Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field...

5.7AI score0.00967EPSS

Exploits1References3

NVD•added 2023/10/09 9:15 p.m.•12 views

CVE-2023-44812

Cross Site Scripting XSS vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the adminredirecturl parameter of the user login function...

6.1CVSS6AI score0.01913EPSS

Exploits2References1

Vulnrichment•added 2023/05/10 7:25 p.m.•8 views

CVE-2023-31164 Improper Neutralization of Input During Web Page Generation

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller SEL RTAC Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL...

4.3CVSS7.2AI score0.00439EPSS

Exploits0References2

Prion•added 2021/03/15 6:15 p.m.•17 views

Cross site scripting

myDBR 5.8.3/4262 is affected by: Cross Site Scripting XSS. The impact is: execute arbitrary code remote. The component is: CSRF Token. The attack vector is: CSRF token injection to XSS...

6.8CVSS9.3AI score0.01861EPSS

Exploits1References1Affected Software1

NVD•added 2020/08/28 10:15 p.m.•11 views

CVE-2020-15159

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting XSS and Remote Code Execution RCE. This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file.The affected components are ThemeFilesController.php and...

7.6CVSS7.4AI score0.02152EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by