CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

124 matches found

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2009-4425

Malware in sbrugna...

4.3CVSS6.4AI score0.02149EPSS

Exploits3References8

Cvelist•added 2024/10/04 12:0 a.m.•7 views

CVE-2024-41516

A Reflected cross-site scripting XSS vulnerability in "ccHandler.aspx" CADClick = 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter...

0.00329EPSS

Exploits1References3

Cvelist•added 2024/03/21 12:0 a.m.•14 views

CVE-2023-48903

Stored Cross-Site Scripting XSS vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php...

5.5AI score0.00186EPSS

Exploits3References1

NVD•added 2023/11/01 12:15 a.m.•12 views

CVE-2023-47094

A Stored Cross-Site Scripting XSS vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details...

5.4CVSS5.2AI score0.00128EPSS

Exploits1References1

Github Security Blog•added 2022/05/17 4:46 a.m.•11 views

Review Board Cross-site scripting (XSS) vulnerability in the reviews dropdown

Cross-site scripting XSS vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name...

4.3CVSS5.6AI score0.00407EPSS

Exploits1References9Affected Software1

NVD•added 2021/10/01 4:15 p.m.•8 views

CVE-2021-41465

Cross-site scripting XSS vulnerability in concrete/elements/collectiontheme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter...

6.1CVSS0.00283EPSS

Exploits1References2

UbuntuCve•added 2021/10/01 4:15 p.m.•14 views

CVE-2021-40972

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter...

6.1CVSS6.4AI score0.01286EPSS

Exploits1References3

NVD•added 2021/07/01 3:15 p.m.•17 views

CVE-2021-28424

A stored cross-site scripting XSS vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php...

5.4CVSS0.00557EPSS

Exploits1References4

GitLab Advisory Database•added 2021/06/29 12:0 a.m.•23 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting XSS vulnerability in models/issue.go in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown...

4.3CVSS5.5AI score0.00305EPSS

Exploits3References4Affected Software1

Prion•added 2020/11/18 10:15 p.m.•10 views

Cross site scripting

SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting XSS in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML...

3.5CVSS5AI score0.0015EPSS

Exploits0References1Affected Software1

Prion•added 2020/08/14 2:15 p.m.•18 views

Cross site scripting

There is stored cross site scripting XSS in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $pagetitle in /lib/Galileo/files/templates/page/show.html.ep aka the PAGE TITLE Field...

4.3CVSS5.9AI score0.00528EPSS

Exploits0References4Affected Software1

OSV•added 2020/05/27 4:15 p.m.•17 views

CVE-2020-10946

Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...

6.1CVSS6AI score0.00088EPSS

Exploits1References1

NVD•added 2020/01/28 8:15 p.m.•12 views

CVE-2013-2714

Cross-site Scripting XSS in WordPress podPress Plugin 8.8.10.13 could allow remote attackers to inject arbitrary web script or html via the 'playerID' parameter...

6.1CVSS6AI score0.0049EPSS

Exploits1References1

Cvelist•added 2020/01/02 6:5 p.m.•13 views

CVE-2013-6242

Cross-site scripting XSS vulnerability in the frontend in Open-Xchange OX AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and th...

6.3AI score0.00748EPSS

Exploits0References5

Prion•added 2019/11/20 7:15 p.m.•13 views

Cross site scripting

Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to 1 tiki-adminsystem.php, 2 tiki-pagehistory.php, 3 tiki-removepage.php, or 4 tiki-renamepage.php...

4.3CVSS6.5AI score0.00313EPSS

Exploits2References1Affected Software1

Cvelist•added 2019/05/08 5:36 p.m.•19 views

CVE-2019-11398

Multiple cross-site scripting XSS vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon...

6.1AI score0.02047EPSS

Exploits9References3

Cvelist•added 2019/03/12 9:0 p.m.•11 views

CVE-2019-5925

Cross-site scripting vulnerability in Dradis Community Edition Dradis Community Edition v3.11 and earlier and Dradis Professional Edition v3.1.1 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...

5.1AI score0.00195EPSS

Exploits0References2

NVD•added 2019/01/03 7:29 p.m.•7 views

CVE-2018-19995

A stored cross-site scripting XSS vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" POST or "town" POST parameter to user/card.php...

5.4CVSS5AI score0.00132EPSS

Exploits0References2

NVD•added 2018/06/11 1:29 p.m.•9 views

CVE-2018-12111

Cross-site scripting XSS vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the /wt3/mydocs.php URI...

6.1CVSS6.1AI score0.00349EPSS

Exploits5References2

Cvelist•added 2018/05/10 3:0 a.m.•11 views

CVE-2018-10314

Cross-site scripting XSS vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover - Audit Scripts - List Scripts - Download section...

5.3AI score0.00194EPSS

Exploits5References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by