CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

CVE•added 2026/02/15 1:58 p.m.•10 views

CVE-2019-25370

OPNsense 19.1 is affected by a reflected XSS in interfaces_vlan_edit.php. The vulnerability arises from accepting crafted input in multiple parameters (tag, descr, vlanif) via POST, enabling attackers to inject and execute arbitrary JavaScript in users’ browsers. The CVE entry confirms the affect...

6.1CVSS5.5AI score0.00048EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/02/15 12:0 a.m.•5 views

PT-2026-8242

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces vlan edit.php with script payloads in the tag, descr, or vlanif parameter...

6.1CVSS5.5AI score0.00048EPSS

Exploits1References5

CVE•added 2025/12/11 9:40 p.m.•8 views

CVE-2024-58304

CVE-2024-58304 – SPA-CART CMS 1.9.0.3 is affected by a stored cross-site scripting vulnerability in the product description parameter. The issue allows authenticated administrators to inject JavaScript via the descr field in the product edit form, causing arbitrary code execution in the web brows...

7.5CVSS6.2AI score0.00017EPSS

Exploits0References2

Snyk•added 2025/01/16 5:32 p.m.•3 views

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the generateoverlibcontent function, which is accessible through the descr parameter at t...

5.4CVSS5.3AI score0.00249EPSS

Exploits1References2

Snyk•added 2024/11/15 3:43 p.m.•1 views

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the descr parameter in EditPortsController.php. A user with permission to edit port...

5.4CVSS5.3AI score0.00861EPSS

Exploits1References2

Exploit DB•added 2024/03/25 12:0 a.m.•298 views

SPA-CART CMS - Stored XSS

Exploit Title: SPA-CART CMS - Stored XSS Date: 2024-01-03 Exploit Author: Eren Sen Vendor: SPA-Cart Vendor Homepage: https://spa-cart.com/ Software Link: https://demo.spa-cart.com/ Version: 1.9.0.3 CVE-ID: N/A Tested on: Kali Linux / Windows 10 Vulnerabilities Discovered Date : 2024/01/03...

7.4AI score

Exploits0

CNNVD•added 2021/12/16 12:0 a.m.•1 views

Delta Electronics DIAEnergie 跨站脚本漏洞

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency.A cross-site...

6.5CVSS5.6AI score0.00389EPSS

Exploits0References3