36 matches found

ATTACKERKB
added 2026/04/27 12:0 a.m. | 1 view

CVE-2026-29971

A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys versions before 2.32.0 and is fixed in v2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without proper output encoding, allowing arbitrary JavaScript execution in the victim's browser via the ftpBack...

CVSS 6.1 | AI score 5.3 | EPSS 0.00025
Exploits: 3 | References: 3

GithubExploit
added 2026/03/16 6:38 a.m. | 102 views

Lab-Reflected-XSS-into-HTML-context-with-nothing-encoded

Lab: Reflected XSS in HTML context without encoding Dif...

AI score 6.1
Exploits: 0

Cvelist
added 2025/07/16 1:42 p.m. | 100 views

CVE-2025-53892 Intlify Vue I18n's escapeParameterHtml does not prevent DOM-based XSS via tag attributes like onerror

Vue I18n is the internationalization plugin for Vue.js. The escapeParameterHtml: true option in Vue I18n is designed to protect against HTML/script injection by escaping interpolated parameters. However, starting in version 9.0.0 and prior to versions 9.14.5, 10.0.8, and 11.1.0, this setting fail...

CVSS 5.3 | EPSS 0.00537
Exploits: 0 | References: 8

OSV
added 2025/02/05 8:56 p.m. | 4 views

GHSA-CXQQ-W3X5-7PH3 MobSF Stored Cross-Site Scripting (XSS)

Product: MobSF Version: CFBundleIdentifier value. In the dynamicanalysis.html file you do not sanitize...

CVSS 8.6 | AI score 4.6 | EPSS 0.00514
Exploits: 1 | References: 6

OSV
added 2022/06/17 9:46 p.m. | 24 views

GHSA-GVXV-P9RV-GMCG brotkrueml/typo3-matomo-integration vulnerable to Cross-Site Scripting

The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

CVSS 6.1 | AI score 6.1 | EPSS 0.00526
Exploits: 0 | References: 4

Github Security Blog
added 2022/06/17 9:46 p.m. | 30 views

brotkrueml/typo3-matomo-integration vulnerable to Cross-Site Scripting

The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

CVSS 6.1 | AI score 6.1 | EPSS 0.00526
Exploits: 0 | References: 4 | Affected Software: 1

Github Security Blog
added 2021/11/15 5:39 p.m. | 19 views

Cross-site Scripting in pegasus/google-for-jobs

An XSS issue was discovered in the googleforjobs aka Google for Jobs extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

CVSS 5.4 | AI score 1 | EPSS 0.00206
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2021/11/10 3:15 p.m. | 12 views

CVE-2021-43561

An XSS issue was discovered in the googleforjobs aka Google for Jobs extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

CVSS 5.4 | AI score 5.8
Exploits: 0 | References: 1

NVD
added 2021/11/10 3:15 p.m. | 10 views

CVE-2021-43561

An XSS issue was discovered in the googleforjobs aka Google for Jobs extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

CVSS 5.4 | EPSS 0.00206
Exploits: 0 | References: 1

Prion
added 2021/11/10 3:15 p.m. | 15 views

Cross site scripting

An XSS issue was discovered in the googleforjobs aka Google for Jobs extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

CVSS 3.5 | AI score 5.1 | EPSS 0.00206
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/11/10 2:59 p.m. | 10 views

CVE-2021-43561

An XSS issue was discovered in the googleforjobs aka Google for Jobs extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

AI score 5.3 | EPSS 0.00206
Exploits: 0 | References: 1

Typo3
added 2021/11/10 12:0 a.m. | 22 views

Cross-Site Scripting in extension "Google for Jobs" (google_for_jobs)

The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

CVSS 3.5 | AI score 5.5 | EPSS 0.00206
Exploits: 0 | Affected Software: 1

Github Security Blog
added 2021/09/01 6:36 p.m. | 21 views

Cross-site Scripting in the yoast_seo TYPO3 extension

The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

CVSS 5.4 | AI score 5.5 | EPSS 0.00308
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2021/09/01 6:36 p.m. | 17 views

GHSA-28W5-J8XJ-2XWC Cross-site Scripting in the yoast_seo TYPO3 extension

The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

CVSS 5.4 | AI score 5.3 | EPSS 0.00308
Exploits: 0 | References: 4

Typo3
added 2021/08/10 12:0 a.m. | 44 views

Cross Site Scripting in Extension "Yoast SEO for TYPO3" (yoast_seo)

The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

CVSS 3.5 | AI score 0.9 | EPSS 0.00308
Exploits: 0 | Affected Software: 1

Typo3
added 2021/08/10 12:0 a.m. | 45 views

Multiple vulnerabilities in Extension "Dated News" (dated_news)

The extension fails to properly encode user input for output in HTML context (CVE-2021-36790) and contains a blind SQL injection vulnerability (CVE-2021-36789). It is also possible to confirm various applications (CVE-2021-36792) and thereby obtain all application registration data (CVE-2021-36791)...

CVSS 7.5 | AI score 7.1 | EPSS 0.00384
Exploits: 0 | Affected Software: 1

Typo3
added 2021/04/27 12:0 a.m. | 46 views

Cross-Site Scripting in extension "Bootstrap Package" (bootstrap_package)

The extension fails to properly encode user input for output in HTML context. The following templates are affected by the vulnerability:...

CVSS 3.5 | AI score 1.1 | EPSS 0.00342
Exploits: 1 | Affected Software: 1

Typo3
added 2021/04/27 12:0 a.m. | 39 views

Cross-Site Scripting in extension "2 Clicks for External Media" (media2click)

The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

CVSS 3.5 | AI score 1.3 | EPSS 0.00206
Exploits: 0 | Affected Software: 1

Typo3
added 2020/07/07 12:0 a.m. | 23 views

Multiple vulnerabilities in extension "mm_forum" (mm_forum)

The extension fails to properly encode user input for output in HTML context. Also the extension fails to implement a CSRF protection for update profile plugin...

CVSS 5.8 | AI score 5.6 | EPSS 0.00113
Exploits: 0 | Affected Software: 1

Typo3
added 2020/07/07 12:0 a.m. | 27 views

Cross-Site Scripting in extension "Faceted Search" (ke_search)

The extension fails to properly encode user input for output in HTML context. The issue is only exploitable by backend users with access to indexer- and filter-configurations...

CVSS 3.5 | AI score 2 | EPSS 0.00206
Exploits: 0 | Affected Software: 1