Lucene search

28 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-50512

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 5.6 | EPSS 0.00129
Exploits: 0 | References: 3
RedhatCVE
added 2025/05/23 4:34 a.m. | 3 views

CVE-2023-46287

XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php...

CVSS 6.1 | AI score 5.9 | EPSS 0.00129
Exploits: 0
RedhatCVE
added 2025/05/22 4:9 p.m. | 6 views

CVE-2020-24136

Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php...

CVSS 8.6 | AI score 6.8 | EPSS 0.01276
Exploits: 1
Veracode
added 2025/01/10 2:53 a.m. | 6 views

Cross-Site Scripting (XSS)

phpoffice/phpspreadsheet is vulnerable to cross-site scripting (XSS). The vulnerability is due to the lack of sanitization of the hyperlink base in the HTML page header within the file Html.php, which allows an attacker to inject malicious scripts into the generated HTML pages...

CVSS 5.4 | AI score 5.8 | EPSS 0.00905
Exploits: 1 | References: 4 | Affected Software: 2
Veracode
added 2024/05/20 2:38 a.m. | 16 views

Cross-Site Scripting

Cacti is vulnerable to Cross-site scripting. The vulnerability is due to insufficient data validation in the formsave function in dataqueries.php, which is used to concatenate the HTML statement in the growrightpanetree function from html.php...

CVSS 5.7 | AI score 6.6 | EPSS 0.00493
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2024/05/13 3:3 p.m. | 28 views

CVE-2024-31444 Cacti XSS vulnerability in lib/html.php by reading dirty data stored in database

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automationtreerulesformsave function in automationtreerules.php is not thoroughly checked and is used to concatenate the HTML statement in formconfirm function from...

CVSS 4.6 | AI score 6.1 | EPSS 0.09401
Exploits: 1 | References: 2
Cvelist
added 2024/05/13 3:3 p.m. | 21 views

CVE-2024-31444 Cacti XSS vulnerability in lib/html.php by reading dirty data stored in database

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in automationtreerulesformsave function in automationtreerules.php is not thoroughly checked and is used to concatenate the HTML statement in formconfirm function from...

CVSS 4.6 | AI score 5.1 | EPSS 0.09401
Exploits: 1 | References: 2
Vulnrichment
added 2024/05/13 3:1 p.m. | 20 views

CVE-2024-31443 Cacti XSS vulnerability in lib/html_tree.php by reading dirty data stored in database

Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in formsave function in dataqueries.php is not thoroughly checked and is used to concatenate the HTML statement in growrightpanetree function from lib/html.php, finally resulting in...

CVSS 5.7 | AI score 6 | EPSS 0.00493
Exploits: 1 | References: 3
NVD
added 2023/10/20 2:15 p.m. | 12 views

CVE-2023-46287

XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php...

CVSS 6.1 | AI score 6 | EPSS 0.00129
Exploits: 0 | References: 4
OSV
added 2023/10/20 2:15 p.m. | 1 views

DEBIAN-CVE-2023-46287

XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php...

CVSS 6.1 | AI score 5.5 | EPSS 0.00129
Exploits: 0 | References: 1
UbuntuCve
added 2023/10/20 12:0 a.m. | 14 views

CVE-2023-46287

XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php...

CVSS 6.1 | AI score 6.2 | EPSS 0.00129
Exploits: 0 | References: 4
Cvelist
added 2023/10/20 12:0 a.m. | 14 views

CVE-2023-46287

XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php...

AI score 6.1 | EPSS 0.00129
Exploits: 0 | References: 3
CVE
added 2023/10/20 12:0 a.m. | 55 views

CVE-2023-46287

CVE-2023-46287 describes a Cross-Site Scripting (XSS) vulnerability in NagVis, occurring in versions before 1.9.38 due to the select function in share/server/core/functions/html.php. The issue affects NagVis installations where user-supplied input reaches that function, enabling XSS. Documented i...

CVSS 6.1 | AI score 5.9 | EPSS 0.00129
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2021/04/07 4:15 p.m. | 8 views

CVE-2020-24140

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports and local network hosts, and execute commands on local services...

CVSS 8.3 | AI score 7 | EPSS 0.00245
Exploits: 1 | References: 2
Prion
added 2021/04/07 3:15 p.m. | 14 views

Directory traversal

Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php...

CVSS 7.8 | AI score 8.4 | EPSS 0.01276
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2021/04/07 2:57 p.m. | 12 views

CVE-2020-24138

Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php...

AI score 6 | EPSS 0.00283
Exploits: 1 | References: 2
CVE
added 2021/04/07 2:57 p.m. | 39 views

CVE-2020-24138

CVE-2020-24138 is a Cross Site Scripting (XSS) vulnerability in WCMS 0.3.2. The issue allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php. Connected sources (Red Hat, CNVD, NVD, OSV) all describe the same flaw in WCMS 0.3.2. No concrete explo...

CVSS 6.1 | AI score 5.9 | EPSS 0.00283
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2020/03/12 2:15 p.m. | 10 views

CVE-2020-10413

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-html.php by adding a question mark (?) followed by the payload...

CVSS 4.8 | AI score 5 | EPSS 0.00321
Exploits: 1 | References: 2
Prion
added 2020/03/12 2:15 p.m. | 13 views

Cross site scripting

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-html.php by adding a question mark (?) followed by the payload...

CVSS 3.5 | AI score 4.9 | EPSS 0.00321
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2020/03/12 1:4 p.m. | 17 views

CVE-2020-10413

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-html.php by adding a question mark (?) followed by the payload...

AI score 5 | EPSS 0.00321
Exploits: 1 | References: 2