CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

CVE-2026-45011

ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors have permission to...

7.3CVSS0.00031EPSS

Exploits0References2

RedhatCVE•added 2026/05/12 2:21 p.m.•5 views

CVE-2026-42643

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in StellarWP Image Widget image-widget allows Stored XSS.This issue affects Image Widget: from n/a through = 4.4.11...

5.9CVSS5.8AI score0.00036EPSS

Exploits0References1

Positive Technologies•added 2026/04/29 12:0 a.m.•1 views

PT-2026-35902

5.9CVSS5.2AI score0.00036EPSS

Exploits0References1

Patchstack•added 2024/04/10 12:7 p.m.•3 views

WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Ultimate Bootstrap Elements for Elementor versions = 1.4.0...

6.4CVSS5.8AI score0.00082EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by