34 matches found
ChurchCRM Cross-Site Scripting Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a cross-site scripting vulnerability that originates from a low-privileged user being able to inject persistent JavaScript into group role names, which can be exploited by an attacker to cause an account takeover...
EUVD-2025-34062
QGIS QWC2 Cross-Site Scripting vulnerability...
EUVD-2006-2366
Malware in sbrugna...
PT-2025-34283 · Esri · Esri Portal For Arcgis Enterprise Sites
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 through 11.4. Description: A stored Cross-site Scripting issue exists in Esri Portal for ArcGIS Enterprise Sites that may allow a remote, authenticated attacker to inject a malicious file...
CVE-2025-8567 Nexter Blocks <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The Nexter Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2025-7688
The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'add-user-meta' page. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2024-3246
The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject malicious JavaScrip...
ZZCMS caina.php Cross-Site Scripting Vulnerability
ZZCMS is a content management system by the ZZCMS team in China. A cross-site scripting vulnerability exists in the way ZZCMS caina.php handles the HTTP Referer, which can be exploited by a remote attacker to inject malicious script or HTML code, which can be used to obtain sensitive information or hijack us...
Trend Micro Apex Central Security Vulnerability
Trend Micro Apex Central is a Web-based product console from Trend Micro. A cross-site scripting vulnerability exists in Trend Micro Apex Central, which can be exploited by an attacker to inject malicious script or HTML code...
CVE-2023-2303
The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin...
CVE-2023-30758
Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script...
Mailman Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters...
HTMLy Cross-Site Scripting Vulnerability
HTMLy is a PHP-based open source blogging platform. A cross-site scripting vulnerability exists in HTMLy version 2.8.1, which can be exploited by remote attackers to send an authenticated POST request to admin/config and inject arbitrary web script or HTML...
Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability (CNVD-2019-04920)
Cisco TelePresence Management Suite is a Cisco video server management program. A cross-site scripting vulnerability exists in Cisco TelePresence Management Suite, which can be exploited by remote attackers to inject malicious script or HTML code...
Bootstrap Cross-Site Scripting Vulnerability (CNVD-2019-23270)
Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript. A cross-site scripting vulnerability exists in affix in Bootstrap versions prior to 3.4.0, which can be exploited by remote attackers to inject arbitrary web script or HTML...
Bus Booking Script Cross-Site Scripting Vulnerability
Bus Booking Script is an online bus booking management system based on PHP and MySQL. A cross-site scripting vulnerability exists in Bus Booking Script. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
WordPress Visual Editor Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress visual editor. A remote attacker can exploit this vulnerability ...
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting Remote Code Execution
Vulnerability Summary: KEMP’s main product, the LoadMaster, is a load balancer built on its own proprietary software platform called LMOS, that enables it to run on almost any platform: As a KEMP LoadMaster...
CVE-2016-2994
Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-2986
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle...