CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

176 matches found

Packet Storm News•added 2026/02/02 12:0 a.m.•2 views

The Bug Genie 3.2.7.1 Cross Site Scripting

A cross site scripting vulnerability exists in The Bug Genie version 3.2.7.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score

Exploits0

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2011-2915

Malware in sbrugna...

4.3CVSS6.1AI score0.00296EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2006-7131

Malware in sbrugna...

4.3CVSS6.4AI score0.00547EPSS

Exploits1References6

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2009-4425

Malware in sbrugna...

4.3CVSS6.4AI score0.02149EPSS

Exploits3References8

Vulnrichment•added 2024/10/04 12:0 a.m.•8 views

CVE-2024-41513

A reflected cross-site scripting XSS vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter...

5.7AI score0.00329EPSS

Exploits1References3

Cvelist•added 2024/10/04 12:0 a.m.•7 views

CVE-2024-41516

A Reflected cross-site scripting XSS vulnerability in "ccHandler.aspx" CADClick = 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter...

0.00329EPSS

Exploits1References3

NVD•added 2024/08/13 5:15 p.m.•9 views

CVE-2024-41613

A Cross Site Scripting XSS vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note...

6.1CVSS0.00067EPSS

Exploits1References1

Cvelist•added 2024/03/21 12:0 a.m.•13 views

CVE-2023-48903

Stored Cross-Site Scripting XSS vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php...

5.5AI score0.00186EPSS

Exploits3References1

NVD•added 2023/11/01 12:15 a.m.•12 views

CVE-2023-47094

A Stored Cross-Site Scripting XSS vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details...

5.4CVSS5.2AI score0.00128EPSS

Exploits1References1

NVD•added 2023/04/27 11:15 p.m.•9 views

CVE-2023-29150

mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands...

8.8CVSS8.7AI score0.00438EPSS

Exploits0References1

Fortinet•added 2023/02/16 12:0 a.m.•59 views

Protect

An improper neutralization of CRLF sequences in HTTP headers 'HTTP Response Splitting' vulnerability CWE-113 in FortiOS and FortiProxy may allow an authenticated and remote attacker to inject arbitrary headers...

5.5CVSS5.6AI score0.00226EPSS

Exploits0Affected Software2

CNVD•added 2022/06/13 12:0 a.m.•16 views

Prison Management System Cross-Site Scripting Vulnerability

Prison Management System is a prison management system from Carlo Montero's personal developer. version 1.0 of Prison Management System contains a cross-site scripting vulnerability that could be exploited to inject arbitrary html and script code into a website...

4.8CVSS1.1AI score0.00235EPSS

Exploits0References1

Github Security Blog•added 2022/05/17 4:46 a.m.•11 views

Review Board Cross-site scripting (XSS) vulnerability in the reviews dropdown

Cross-site scripting XSS vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name...

4.3CVSS5.6AI score0.00407EPSS

Exploits1References9Affected Software1

ATTACKERKB•added 2022/04/18 12:0 a.m.•43 views

CVE-2022-28810

Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with...

7.1CVSS3.7AI score0.90376EPSS

In wildExploits4References6

NVD•added 2021/11/30 2:15 p.m.•8 views

CVE-2021-25987

Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code...

5CVSS0.00091EPSS

Exploits0References2

NVD•added 2021/10/01 4:15 p.m.•8 views

CVE-2021-41465

Cross-site scripting XSS vulnerability in concrete/elements/collectiontheme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter...

6.1CVSS0.00283EPSS

Exploits1References2

UbuntuCve•added 2021/10/01 4:15 p.m.•14 views

CVE-2021-40972

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter...

6.1CVSS6.4AI score0.01286EPSS

Exploits1References3

NVD•added 2021/07/01 3:15 p.m.•17 views

CVE-2021-28424

A stored cross-site scripting XSS vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php...

5.4CVSS0.00557EPSS

Exploits1References4

GitLab Advisory Database•added 2021/06/29 12:0 a.m.•23 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting XSS vulnerability in models/issue.go in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown...

4.3CVSS5.5AI score0.00305EPSS

Exploits3References4Affected Software1

Prion•added 2020/11/18 10:15 p.m.•10 views

Cross site scripting

SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting XSS in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML...

3.5CVSS5AI score0.0015EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by