CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1017 matches found

WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting

WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting. id: CVE-2017-18536 info: name: WordPress Stop User Enumeration =1.3.7 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress Stop User Enumeration 1.3.7 an...

6.1CVSS5.8AI score0.0203EPSS

Exploits1References4

NVD•added 2026/05/06 5:16 p.m.•15 views

CVE-2026-20172

A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This...

4.3CVSS0.00125EPSS

Exploits0References1

RedhatCVE•added 2026/03/27 2:25 p.m.•5 views

CVE-2021-27465

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorre...

6.1CVSS6.9AI score0.00642EPSS

Exploits0References1

CVE•added 2026/02/22 1:2 p.m.•13 views

CVE-2026-2946

CVE-2026-2946 affects rymcu forest up to version 0.0.5. The vulnerability is in the function XssUtils.replaceHtmlCode (src/main/java/com/rymcu/forest/util/XssUtils.java) of the Article Content/Comments/Portfolio component, enabling cross-site scripting. The issue enables remote exploitation and t...

5.4CVSS3.5AI score0.00217EPSS

Exploits1References4Affected Software1

NVD•added 2026/02/19 4:27 p.m.•26 views

CVE-2025-71240

SPIP before 4.2.15 allows Cross-Site Scripting XSS via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser...

5.4CVSS0.00183EPSS

Exploits0References3

UbuntuCve•added 2026/02/19 4:27 p.m.•4 views

CVE-2025-71240

5.4CVSS6AI score0.00183EPSS

Exploits0References4

Cvelist•added 2026/02/19 2:58 p.m.•23 views

CVE-2025-71240 SPIP < 4.2.15 Cross-Site Scripting via Code Tags

5.4CVSS0.00183EPSS

Exploits0References3

Vulnrichment•added 2026/02/19 2:58 p.m.•5 views

CVE-2025-71240 SPIP < 4.2.15 Cross-Site Scripting via Code Tags

5.4CVSS5.6AI score0.00183EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 12:35 p.m.•8 views

CVE-2023-45540

An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page...

6.5CVSS7.5AI score0.00515EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 8:54 a.m.•20 views

CVE-2021-41252

Kirby is an open source file structured CMS Impact Kirby's writer field stores its formatted content as HTML code. Unlike with other field types, it is not possible to escape HTML special characters against cross-site scripting XSS attacks, otherwise the formatting would be lost. If the user is...

7.3CVSS5.5AI score0.00898EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:37 a.m.•7 views

CVE-2019-7349

Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitorV4LCapturesPerFrame' parameter value in the view monitor monitor.php because proper filtration is omitted...

6.1CVSS6AI score0.00873EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:35 a.m.•8 views

CVE-2019-7173

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4...

4.8CVSS6.1AI score0.0061EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:34 a.m.•6 views

CVE-2019-7340

POST - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filterQueryterms0val' parameter value in the view filter filter.php because proper filtration is omitted...

6.1CVSS6AI score0.00873EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:33 a.m.•10 views

CVE-2019-7342

POST - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filterAutoExecuteCmd' parameter value in the view filter filter.php because proper filtration is omitted...

6.1CVSS6AI score0.00989EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:33 a.m.•19 views

CVE-2019-7171

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...

4.8CVSS6.1AI score0.0061EPSS

Exploits1References1

RedhatCVE•added 2025/12/24 12:48 a.m.•11 views

CVE-2025-68614

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject...

5.4CVSS6.3AI score0.03417EPSS

Exploits1References1