CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2025/10/28 3:16 p.m.•3 views

CVE-2025-34316

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txtmailuser and txtmailpass parameters when updating the mail server settings. When a user updates the mail...

5.4CVSS5.9AI score0.00024EPSS

Exploits0References3

Vulnrichment•added 2025/10/28 2:36 p.m.•3 views

CVE-2025-34308 IPFire < v2.29 Stored XSS via Default Time Sync

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the UPDATEVALUE parameter when updating the default time synchronization settings. When the default values...

5.1CVSS5.6AI score0.00024EPSS

Exploits0References3

CNNVD•added 2025/10/28 12:0 a.m.•2 views

IPFire 安全漏洞

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from not properly cleaning or coding the UPDATEVALUE parameter, which can be exploited by an attacker to inject...

CNNVD•added 2025/10/28 12:0 a.m.•3 views

IPFire 安全漏洞

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by mail server settings. An attacker can exploit this...

5.4CVSS6.1AI score0.00024EPSS

CNNVD•added 2025/10/28 12:0 a.m.•2 views

IPFire 安全漏洞

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from not properly cleaning or coding the IGNOREENTRYREMARK parameter, which can be exploited by an attacker to...

CNNVD•added 2025/10/28 12:0 a.m.•1 views

IPFire 安全漏洞

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the pienumber parameter not being properly cleaned and encoded, which can be exploited by an attacker to inje...

CNNVD•added 2025/10/28 12:0 a.m.•5 views

IPFire 安全漏洞

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire has a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the QUOTAUSERS parameter of the...

EUVD•added 2025/10/27 9:30 p.m.•2 views

EUVD-2025-36326

IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

6.4CVSS5.8AI score0.0002EPSS

Cvelist•added 2025/10/24 12:0 a.m.•4 views

CVE-2025-60936

Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs...

0.00034EPSS

Exploits1References1

RedhatCVE•added 2025/10/23 7:16 p.m.•2 views

CVE-2025-62248

A reflected cross-site scripting XSS vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through...

4.8CVSS6AI score0.00028EPSS

CNNVD•added 2025/10/23 12:0 a.m.•3 views

Open Solution QuickCMS 跨站脚本漏洞

Open Solution QuickCMS is an Open Solution open source content management system. A cross-site scripting vulnerability exists in Open Solution QuickCMS version 6.8, which stems from multiple stored cross-site scripting vulnerabilities in the slider editor feature, which could lead to the injectio...

4.8CVSS6.3AI score0.00022EPSS

Github Security Blog•added 2025/10/21 9:33 p.m.•5 views

Liferay Portal reflected cross-site scripting (XSS) vulnerability in the google_gaget

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0 through 2025.Q3.2, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13,...

6.9CVSS5.9AI score0.00025EPSS

Exploits0References6Affected Software1

RedhatCVE•added 2025/10/21 8:29 p.m.•3 views

CVE-2025-62528

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...

5.4CVSS6.7AI score0.00022EPSS

NVD•added 2025/10/21 7:21 p.m.•1 views

CVE-2025-61255

Bank Locker Management System by PHPGurukul is affected by a Cross-Site Scripting XSS vulnerability via the /search parameter, where unsanitized input allows arbitrary HTML and JavaScript injection, potentially resulting in information disclosure and user redirection...

6.1CVSS0.00024EPSS

Cvelist•added 2025/10/21 6:12 p.m.•5 views

CVE-2025-62249

6.9CVSS0.00025EPSS

Vulnrichment•added 2025/10/21 6:12 p.m.•1 views

CVE-2025-62249

6.9CVSS5.5AI score0.00025EPSS

Vulnrichment•added 2025/10/21 12:0 a.m.•2 views

CVE-2025-61255

5.1AI score0.00024EPSS