8200 matches found

Github Security Blog
added 2024/02/01 8:51 p.m., 23 views

Statamic CMS vulnerable to account takeover via XSS and password reset link

Impact: HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects:
- front-end forms with asset fields without any mime type validation
- asset fields in the control panel
- asset browser in the control panel

Additionally, if the XSS is crafted in a specific...

CVSS 8.2 | AI score 6.8 | EPSS 0.00734
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2024/02/01 4:42 p.m., 28 views

CVE-2024-24570 Statamic account takeover via XSS and password reset link

Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...

CVSS 8.2 | AI score 8.4 | EPSS 0.00734
Exploits: 1 | References: 3

OSV
added 2024/02/01 12:15 p.m., 4 views

CVE-2023-51509

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Reflected XSS. This issue affects RegistrationMagic – Custom Registration Forms, User...

CVSS 6.1 | AI score 5.8 | EPSS 0.00351
Exploits: 0 | References: 1

Prion
added 2024/02/01 12:15 p.m., 18 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Reflected XSS. This issue affects RegistrationMagic – Custom Registration Forms, User...

CVSS 5.8 | AI score 7.2 | EPSS 0.00351
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/02/01 11:15 a.m., 15 views

CVE-2023-51695

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPEverest Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! allows Stored XSS. This issue affects Everest Forms – Build Contact Forms, Surveys, Polls,...

CVSS 5.9 | AI score 5.7 | EPSS 0.00336
Exploits: 0 | References: 1

OSV
added 2024/02/01 11:15 a.m., 20 views

CVE-2023-51695

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPEverest Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! allows Stored XSS. This issue affects Everest Forms – Build Contact Forms, Surveys, Polls,...

CVSS 4.8 | AI score 6.7
Exploits: 0 | References: 1

OSV
added 2024/02/01 11:15 a.m., 4 views

CVE-2023-51536

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks CRM Perks Forms – WordPress Form Builder allows Stored XSS. This issue affects CRM Perks Forms – WordPress Form Builder: from n/a through 1.1.2...

CVSS 4.8 | AI score 7.3 | EPSS 0.00336
Exploits: 0 | References: 1

NVD
added 2024/02/01 11:15 a.m., 12 views

CVE-2023-51536

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks CRM Perks Forms – WordPress Form Builder allows Stored XSS. This issue affects CRM Perks Forms – WordPress Form Builder: from n/a through 1.1.2...

CVSS 5.9 | AI score 5.7 | EPSS 0.00336
Exploits: 0 | References: 1

Prion
added 2024/02/01 11:15 a.m., 14 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPEverest Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! allows Stored XSS. This issue affects Everest Forms – Build Contact Forms, Surveys, Polls,...

CVSS 4.3 | AI score 7 | EPSS 0.00336
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/02/01 11:7 a.m., 17 views

CVE-2023-51695 WordPress Everest Forms Plugin <= 2.0.4.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPEverest Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! allows Stored XSS. This issue affects Everest Forms – Build Contact Forms, Surveys, Polls,...

CVSS 5.9 | AI score 5.9 | EPSS 0.00336
Exploits: 0 | References: 1

CVE
added 2024/02/01 11:7 a.m., 40 views

CVE-2023-51695

The CVE-2023-51695 entry concerns the WordPress plugin Everest Forms (Build Contact Forms, Surveys, Polls, Application Forms, and related functionality). A stored Cross-Site Scripting (XSS) vulnerability exists due to improper neutralization of input during web page generation, affecting Everest ...

CVSS 5.9 | AI score 6.5 | EPSS 0.00336
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/02/01 11:7 a.m., 15 views

CVE-2023-51695 WordPress Everest Forms Plugin <= 2.0.4.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPEverest Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! allows Stored XSS. This issue affects Everest Forms – Build Contact Forms, Surveys, Polls,...

CVSS 5.9 | AI score 6.7 | EPSS 0.00336
Exploits: 0 | References: 1

Cvelist
added 2024/02/01 10:25 a.m., 23 views

CVE-2023-51536 WordPress CRM Perks Forms Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks CRM Perks Forms – WordPress Form Builder allows Stored XSS. This issue affects CRM Perks Forms – WordPress Form Builder: from n/a through 1.1.2...

CVSS 5.9 | AI score 5.9 | EPSS 0.00336
Exploits: 0 | References: 1

Vulnrichment
added 2024/02/01 10:25 a.m., 15 views

CVE-2023-51536 WordPress CRM Perks Forms Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks CRM Perks Forms – WordPress Form Builder allows Stored XSS. This issue affects CRM Perks Forms – WordPress Form Builder: from n/a through 1.1.2...

CVSS 5.9 | AI score 6.7 | EPSS 0.00336
Exploits: 0 | References: 1

NVD
added 2024/02/01 10:15 a.m., 29 views

CVE-2023-52192

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS. This issue affects Keap Official Opt-in Forms: from n/a through 1.0.11...

CVSS 6.5 | AI score 6.4 | EPSS 0.00322
Exploits: 0 | References: 1

OSV
added 2024/02/01 10:15 a.m., 4 views

CVE-2023-52192

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS. This issue affects Keap Official Opt-in Forms: from n/a through 1.0.11...

CVSS 5.4 | AI score 7.3 | EPSS 0.00322
Exploits: 0 | References: 1

Prion
added 2024/02/01 10:15 a.m., 18 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS. This issue affects Keap Official Opt-in Forms: from n/a through 1.0.11...

CVSS 4.9 | AI score 6.9 | EPSS 0.00322
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/02/01 9:52 a.m., 37 views

CVE-2023-52192 WordPress Keap Official Opt-in Forms Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Keap Keap Official Opt-in Forms allows Stored XSS. This issue affects Keap Official Opt-in Forms: from n/a through 1.0.11...

CVSS 6.5 | AI score 6.6 | EPSS 0.00322
Exploits: 0 | References: 1

CVE
added 2024/02/01 9:52 a.m., 44 views

CVE-2023-52192

CVE-2023-52192: Keap Official Opt-in Forms for WordPress is vulnerable to Stored Cross-Site Scripting due to improper input neutralization. Affected are Keap Official Opt-in Forms up to version 1.0.11 (and related notes indicate the issue may persist in older builds). The vulnerability stems from...

CVSS 6.5 | AI score 6.7 | EPSS 0.00322
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/02/01 4:31 a.m., 23 views

CVE-2024-1130 NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_read()

The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with...

CVSS 5.3 | AI score 5.3 | EPSS 0.00598
Exploits: 0 | References: 7