CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/02/01 12:15 p.m.•32 views

CVE-2021-47885 Payment Terminal Multiple Versions Non-Persistent Cross-Site Scripting

6.4CVSS0.00251EPSS

Vulnrichment•added 2026/02/01 12:15 p.m.•2 views

CVE-2021-47885 Payment Terminal Multiple Versions Non-Persistent Cross-Site Scripting

6.4CVSS5.2AI score0.00251EPSS

Positive Technologies•added 2026/02/01 12:0 a.m.•6 views

PT-2026-5556

Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...

5.4CVSS5.9AI score0.00171EPSS

CNNVD•added 2026/02/01 12:0 a.m.•6 views

CriticalGears多款产品跨站脚本漏洞

CriticalGears Stripe Payment Terminal, among others, are payment software products developed by the American company CriticalGears. Multiple products of CriticalGears have cross-site scripting vulnerabilities. These vulnerabilities stem from non-persistent cross-site scripts in fields for enterin...

6.4CVSS5.7AI score0.00251EPSS

CNNVD•added 2026/02/01 12:0 a.m.•6 views

Affiliate Pro 跨站脚本漏洞

Affiliate Pro is an alliance management system developed by JD Web Designer individuals. Version 1.7 of Affiliate Pro contains a cross-site scripting vulnerability. This vulnerability stems from multiple reflective cross-site scripting vulnerabilities in the input fields of the indexing module,...

5.4CVSS5.6AI score0.00171EPSS

Positive Technologies•added 2026/02/01 12:0 a.m.•7 views

PT-2026-5568

BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking,...

6.4CVSS6.2AI score0.00301EPSS

Positive Technologies•added 2026/02/01 12:0 a.m.•5 views

PT-2026-5553

6.4CVSS5.9AI score0.00251EPSS

Exploits0References6

Positive Technologies•added 2026/02/01 12:0 a.m.•7 views

PT-2026-5566

Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and...

6.4CVSS6.1AI score0.00391EPSS

NVD•added 2026/01/30 5:16 p.m.•6 views

CVE-2020-36998

Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbitrary JavaScript without proper input...

6.4CVSS0.00252EPSS

EUVD•added 2026/01/30 4:16 p.m.•4 views

EUVD-2020-30961

Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that...

Cvelist•added 2026/01/30 4:16 p.m.•29 views

CVE-2020-37003 Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting

6.4CVSS0.00252EPSS

ATTACKERKB•added 2026/01/30 4:16 p.m.•6 views

CVE-2020-37003

Cvelist•added 2026/01/30 4:16 p.m.•32 views

CVE-2020-36998 forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting

6.4CVSS0.00252EPSS

EUVD•added 2026/01/30 4:16 p.m.•5 views

EUVD-2020-30962

Patchstack•added 2026/01/30 5:6 a.m.•7 views

WordPress Paid Memberships Pro plugin < 2.12.9 - Contributor+ Arbitrary User Custom Field Disclosure vulnerability

Contributor+ Arbitrary User Custom Field Disclosure vulnerability discovered by Scott Kingsley Clark in WordPress Plugin Paid Memberships Pro versions 2.12.9...

4.3CVSS5.9AI score0.00548EPSS

Exploits2References1Affected Software1

Positive Technologies•added 2026/01/30 12:0 a.m.•8 views

PT-2026-5413

CNNVD•added 2026/01/30 12:0 a.m.•4 views

NetPCLinker security vulnerabilities

NetPCLinker is a network communication and remote connection tool developed by Sukrut V.N. A security vulnerability exists in the NetPCLinker 1.0.0.0 version, which stems from a buffer overflow in the DNS/IP fields of the Clients Control Panel. This vulnerability could allow arbitrary shellcode t...

9.8CVSS6.2AI score0.00439EPSS

Exploits0References3

CNNVD•added 2026/01/30 12:0 a.m.•4 views

forma.lms cross-site scripting vulnerability

forma.lms is an open-source, web-based online learning platform developed by individual developers. Version 2.3.0.2 of forma.lms contains a cross-site scripting vulnerability. This vulnerability arises from improper cleaning of inputs for course code, name, description fields, and email parameter...

6.4CVSS5.6AI score0.00252EPSS

Positive Technologies•added 2026/01/30 12:0 a.m.•4 views

PT-2026-5414