CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards allows exposure of Custom Settings data. This impacts OmniStudio: before version 254...

7.5CVSS7.7AI score0.0041EPSS

Exploits0References1

NVD•added 2025/06/10 12:15 p.m.•7 views

CVE-2025-43701

Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards allows exposure of Custom Settings data. This impacts OmniStudio: before version 254...

7.5CVSS0.0041EPSS

Exploits0References1

Cvelist•added 2025/06/10 11:21 a.m.•15 views

CVE-2025-43701

Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards allows exposure of Custom Settings data. This impacts OmniStudio: before version 254...

0.0041EPSS

Exploits0References1

Vulnrichment•added 2025/06/10 11:21 a.m.•4 views

CVE-2025-43701

Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards allows exposure of Custom Settings data. This impacts OmniStudio: before version 254...

7.5AI score0.0041EPSS

Exploits0References1

CVE•added 2025/06/10 11:21 a.m.•49 views

CVE-2025-43701

CVE-2025-43701 affects Salesforce OmniStudio (FlexCards). Root cause: improper preservation of permissions allowing exposure of Custom Settings data. Impact: OmniStudio versions before 254. CVSS 3.1 base 7.5 ( HIGH ); attack vector/complexity: network/low, no user interaction required. Remediatio...

7.5CVSS7.2AI score0.0041EPSS

Exploits0References1

Positive Technologies•added 2025/05/20 12:0 a.m.•3 views

PT-2025-22121 · Salesforce · Omnis Studio

Name of the Vulnerable Software and Affected Versions: Salesforce OmniStudio versions prior to 254 Description: The issue is related to an Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards, which allows exposure of Custom Settings data. Recommendations: For...

7.5CVSS9.2AI score0.0041EPSS

Exploits0References8

Prion•added 2023/09/06 1:15 p.m.•19 views

Design/Logic Flaw

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask i.e., replace with asterisks usernames of credentials specified in custom Maven settings in Pipeline build logs if "Treat username as secret" is checked...

5CVSS5.2AI score0.00544EPSS

Exploits0References2Affected Software1

AlpineLinux•added 2023/09/06 12:8 p.m.•27 views

CVE-2023-41934

5.3CVSS7AI score0.00544EPSS

Exploits0References2

CNVD•added 2023/07/10 12:0 a.m.•12 views

BageCMS Cross-Site Scripting Vulnerability

BageCMS is a cross-platform content management system CMS based on PHP and MySQL by the BageCMS team in China. A cross-site scripting vulnerability exists in BageCMS v3.1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the custom settings module, and can ...

5.4CVSS6.4AI score0.00297EPSS

Exploits1References1

ATTACKERKB•added 2023/07/06 3:15 p.m.•2 views

CVE-2023-37122

A stored cross-site scripting XSS vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module...

5.4CVSS6.2AI score0.00297EPSS

Exploits1References2

OSV•added 2023/07/06 3:15 p.m.•2 views

CVE-2023-37122

A stored cross-site scripting XSS vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module...

5.4CVSS5.9AI score0.00297EPSS

Exploits1References1

NVD•added 2023/07/06 3:15 p.m.•8 views

CVE-2023-37122

A stored cross-site scripting XSS vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module...

5.4CVSS5.3AI score0.00297EPSS

Exploits1References1

Prion•added 2023/07/06 3:15 p.m.•10 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module...

4.9CVSS5.2AI score0.00297EPSS

Exploits1References1Affected Software1

Cvelist•added 2023/07/06 12:0 a.m.•17 views

CVE-2023-37122

A stored cross-site scripting XSS vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module...

5.4AI score0.00297EPSS

Exploits1References1

CNNVD•added 2023/07/06 12:0 a.m.•3 views

Bagecms 跨站脚本漏洞

5.4CVSS6.2AI score0.00297EPSS

Exploits1References2

Positive Technologies•added 2023/07/06 12:0 a.m.•3 views

PT-2023-25789 · Bagecms · Bagecms

Name of the Vulnerable Software and Affected Versions: Bagecms version 3.1.0 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module. This enables attackers to potentially...

5.4CVSS5.6AI score0.00297EPSS

Exploits1References3

Vulnrichment•added 2023/07/06 12:0 a.m.•15 views

CVE-2023-37122

A stored cross-site scripting XSS vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module...

5.7AI score0.00297EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by