Lucene search
K

595 matches found

Nuclei
Nuclei
added yesterday52 views

WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 notify or 2 blog parameter. id: CVE-2013-2287 info: name: WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting...

4.3CVSS6.2AI score0.09239EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday88 views

Cherokee HTTPD <=0.5 - Cross-Site Scripting

Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. id: CVE-2006-1681 info:...

4.3CVSS6.2AI score0.06643EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday64 views

AppServ Open Project <=2.5.10 - Cross-Site Scripting

AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter. id: CVE-2008-2398 info: name: AppServ Open Project =2.5.11 or apply the necessary security patches...

4.3CVSS6.2AI score0.06232EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday132 views

Simple URLs < 115 - Cross Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-0099 info: name: Simple URLs 115 - Cross Site Scripting author: r3Y3r53 severit...

6.1CVSS6.4AI score0.01726EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday153 views

phpIPAM - 1.6 - Cross-Site Scripting

phpIPAM 1.6 contains a cross-site scripting vulnerability via the closeClass parameter at /subnet-masks/popup.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.5AI score0.03904EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday89 views

Academy LMS 6.0 - Cross-Site Scripting

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting XSS vulnerability through query parameter. id: CVE-2023-38964 info: name: Academy LMS 6.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Creative Item Academy LMS 6.0 was discovered to...

6.1CVSS6.4AI score0.01056EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday42 views

Agentejo Cockpit 0.10.2 - Cross-Site Scripting

Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content. id: CVE-2020-14408 info: name: Agentejo Cockpit 0.10.2 ...

6.1CVSS6.5AI score0.03003EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday103 views

Wing FTP 6.4.4 - Cross-Site Scripting

Wing FTP 6.4.4 is vulnerable to cross-site scripting via its web interface because an arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of sandboxed arbitrary HTML and JavaScript in the user's browser. id: CVE-2020-27735 info: name: Wing FTP...

6.1CVSS6.5AI score0.05626EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday78 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6.1AI score0.01331EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday55 views

Rukovoditel <= 2.7.2 - Cross-Site Scripting

A stored cross site scripting XSS vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. id: CVE-2020-35987 info: name: Rukovoditel = 2.7.2 - Cross-Site...

5.4CVSS6.1AI score0.01109EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday34 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field. id: CVE-2018-19749 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting...

4.8CVSS6.3AI score0.03316EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday73 views

BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting

BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML. id: CVE-2018-16139 info: name: BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting author:...

6.1CVSS6.5AI score0.02285EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday103 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field. id: CVE-2018-19914 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting...

4.8CVSS6.3AI score0.03316EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday52 views

FineCMS <=5.0.10 - Cross-Site Scripting

FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request. id: CVE-2017-11629 info: name: FineCMS =5.0.11 which includes a fix for this vulnerability. reference: -...

6.1CVSS6.4AI score0.01937EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday70 views

Reprise License Manager 14.2 - Cross-Site Scripting

Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activateprocess "count" parameter via GET. id: CVE-2021-45422 info: name: Reprise License Manager 14.2 - Cross-Site Scripting author: edoardottt severity: medium description: | Reprise License Manager 14.2...

6.1CVSS6.4AI score0.03241EPSS
Exploits3References5
NVD
NVD
added yesterday8 views

CVE-2026-44767

setThemeRoot failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a element, even when no tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL...

6.1CVSS0.00181EPSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago40 views

Dolibarr <7.0.2 - Cross-Site Scripting

Dolibarr before 7.0.2 is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. id: CVE-2018-10095 info: name: Dolibarr 7.0.2 - Cross-Site Scripting author: pikpikcu severity: medium...

6.1CVSS6.8AI score0.86988EPSS
Exploits1References5
Nuclei
Nuclei
added 2026/07/07 4:50 p.m.37 views

Zoho manageengine - Cross-Site Scripting

Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the...

6.1CVSS6.1AI score0.98463EPSS
Exploits3References4
RedhatCVE
RedhatCVE
added 2026/07/03 7:7 a.m.9 views

CVE-2026-58038

A flaw was found in the Wikimedia Foundation Timeline component. This cross-site scripting XSS vulnerability allows a remote attacker to inject malicious scripts into web pages. Successful exploitation could lead to significant impacts such as information disclosure, session hijacking, or...

6.1CVSS5.7AI score0.00169EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/01 3:46 p.m.8 views

CVE-2026-58031

A flaw was found in Wikimedia Foundation MediaWiki. This vulnerability, categorized as an Improper Neutralization of Input During Web Page Generation Cross-site Scripting or XSS, allows a remote attacker to inject malicious scripts into web pages. When a user views an affected page, the attacker'...

5.4CVSS5.7AI score0.00133EPSS
Exploits0References4
Rows per page
Query Builder