
42 matches found

CNNVD
added 2025/12/24 12:0 a.m. | 2 views

ONLYOFFICE Docs Cross-Site Scripting Vulnerability

ONLYOFFICE Docs is an online office software from ONLYOFFICE, Inc. A cross-site scripting vulnerability exists in ONLYOFFICE Docs versions prior to 9.2.1, which stems from cross-site scripting in the textarea of the comment edit form...

CVSS 6.4 | AI score 6 | EPSS 0.00032
Exploits 0 | References 2

RedhatCVE
added 2025/12/12 10:17 p.m. | 1 view

CVE-2024-58304

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary...

CVSS 7.5 | AI score 6.6 | EPSS 0.00017
Exploits 0 | References 1

EUVD
added 2025/12/12 12:30 a.m. | 1 view

EUVD-2024-55328

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary...

CVSS 7.5 | AI score 6.1 | EPSS 0.00017
Exploits 0 | References 4

NVD
added 2025/12/11 10:15 p.m. | 2 views

CVE-2024-58304

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary...

CVSS 7.5 | EPSS 0.00017
Exploits 0 | References 2

Positive Technologies
added 2025/12/11 12:0 a.m. | 2 views

PT-2025-50757

Name of the Vulnerable Software and Affected Versions: SPA-CART CMS version 1.9.0.3. Description: The software contains a stored cross-site scripting issue in the product description parameter. Authenticated administrators can inject malicious scripts. Attackers can submit JavaScript payloads throug...

CVSS 5.3 | AI score 6.8 | EPSS 0.00017
Exploits 0 | References 5

Cvelist
added 2025/10/13 12:2 a.m. | 4 views

CVE-2025-11652 UTT 进取 518G formTaskEdit_ap buffer overflow

A vulnerability was found in UTT 进取 518G up to V3v3.2.7-210919-161313. This issue affects some unknown processing of the file /goform/formTaskEditap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be performed from remote. The exploit has been made public and...

CVSS 9 | EPSS 0.00337
Exploits 1 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-8023

Malware in sbrugna...

CVSS 5.4 | AI score 5.6 | EPSS 0.00573
Exploits 1 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2009-1070

Malware in sbrugna...

CVSS 4.3 | AI score 6.3 | EPSS 0.00404
Exploits 0 | References 7

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2014-8215

Malware in sbrugna...

CVSS 3.5 | AI score 6.4 | EPSS 0.00232
Exploits 0 | References 6

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2013-2198

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00443
Exploits 0 | References 5

Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-48706

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b)...

CVSS 5.4 | AI score 5.4 | EPSS 0.00219
Exploits 1 | References 2

Snyk
added 2025/08/19 6:31 p.m. | 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the propertyDisplayType parameter in edit-form-body. An authenticated attacker can execute arbitrary JavaScript code in the context of the user's browser by crafting a malicious request and tricking a user...

CVSS 5.4 | AI score 5.3 | EPSS 0.00044
Exploits 0 | References 2

Vulnrichment
added 2024/10/30 12:0 a.m. | 12 views

CVE-2024-48569

Proactive Risk Manager version 9.1.1.0 is affected by multiple Cross-Site Scripting (XSS) vulnerabilities in the add/edit form fields, at the URLs starting with the subpaths: /ar/config/configuation/ and /ar/config/risk-strategy-control/...

AI score 6.3 | EPSS 0.03098
Exploits 0 | References 2

OSV
added 2024/10/22 5:15 p.m. | 2 views

CVE-2024-48706

Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively...

CVSS 5.4 | AI score 5.8 | EPSS 0.00219
Exploits 1 | References 1

Snyk
added 2024/09/18 10:5 p.m. | 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the edit form HTML field. An attacker can inject malicious scripts that could be executed in the context of the user's session. Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an...

CVSS 6.1 | AI score 5.3 | EPSS 0.00186
Exploits 0 | References 2

Snyk
added 2024/09/18 10:5 p.m. | 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the edit form HTML field. An attacker can inject malicious scripts that could be executed in the context of the user's session. Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an...

CVSS 6.1 | AI score 5.3 | EPSS 0.00186
Exploits 0 | References 2

OSV
added 2024/05/27 10:28 p.m. | 9 views

GHSA-XPFF-C35G-J3CR silverstripe/framework Privilege Escalation Risk in Member Edit form

A member with the permission EDITPERMISSIONS and access to the "Security" section is able to re-assign themselves or another member to ADMIN level. CMS Fields for the member are constructed using DirectGroups instead of Groups relation which results in bypassing security logic preventing privileg...

CVSS 6.5 | AI score 7.2
Exploits 0 | References 5

RedHat Linux
added 2023/09/18 6:16 p.m. | 40 views

Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 7.5 | AI score 6.8 | EPSS 0.00406
Exploits 0 | References 2

ATTACKERKB
added 2023/06/25 10:15 p.m. | 0 views

CVE-2023-36666

INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected...

CVSS 6.1 | AI score 6.3 | EPSS 0.00149
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 5:13 a.m. | 2 views

SUSE CVE-2015-7707

Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp...

CVSS 6.5 | AI score 6.8 | EPSS 0.03857
Exploits 2 | References 3