CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5810 matches found

OSV•added 2025/10/03 2:15 p.m.•2 views

CVE-2025-60454

A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\imgadmin.class.php component. The vulnerability allows attackers to upload malicious SVG files containi...

6.1CVSS5.8AI score0.0001EPSS

Exploits1References1

OSV•added 2025/10/03 2:15 p.m.•2 views

CVE-2025-60452

A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\downloadadmin.class.php component. The vulnerability allows attackers to upload malicious SVG...

6.1CVSS5.8AI score0.00034EPSS

Exploits1References1

NVD•added 2025/10/03 2:15 p.m.•2 views

CVE-2025-60452

6.1CVSS0.00034EPSS

Exploits1References1

NVD•added 2025/10/03 2:15 p.m.•2 views

CVE-2025-60453

A stored Cross-Site Scripting XSS vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows attackers to upload malicious SVG files...

6.1CVSS0.0001EPSS

Exploits1References1

Cvelist•added 2025/10/03 12:0 a.m.•6 views

CVE-2025-60452

0.00034EPSS

Exploits1References1

Vulnrichment•added 2025/10/03 12:0 a.m.•4 views

CVE-2025-60452

5.8AI score0.00034EPSS

Exploits1References1

Positive Technologies•added 2025/10/03 12:0 a.m.•3 views

PT-2025-40523

Name of the Vulnerable Software and Affected Versions MetInfo CMS version 8.0 Description A stored Cross-Site Scripting XSS issue exists in the image management module of the software. The vulnerability is located in the appsystemimgadminimg admin.class.php component. Attackers can upload malicio...

6.1CVSS5.8AI score0.0001EPSS

Exploits1References3

Cvelist•added 2025/10/03 12:0 a.m.•5 views

CVE-2025-60448

A stored Cross-Site Scripting XSS vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files containing JavaScript code that executes when th...

0.00034EPSS

Exploits1References1

Cvelist•added 2025/10/03 12:0 a.m.•5 views

CVE-2025-60453

0.0001EPSS

Exploits1References1

CVE•added 2025/10/03 12:0 a.m.•5 views

CVE-2025-60453

MetInfo CMS 8.0 is affected in the column management module (app\system\column\admin\index.class.php). The issue is a stored XSS vulnerability that allows attackers to upload SVG files containing JavaScript, which executes when the uploaded file is viewed or accessed by users. This aligns with mu...

6.1CVSS5.7AI score0.0001EPSS

Exploits1References1Affected Software1

Positive Technologies•added 2025/10/03 12:0 a.m.•3 views

PT-2025-40518

Name of the Vulnerable Software and Affected Versions XunRuiCMS version 4.7.1 Description A stored Cross-Site Scripting XSS issue exists because of inadequate validation of SVG file uploads within the dayrui/Fcms/Library/Upload.php component. This allows attackers to inject malicious JavaScript...

6.1CVSS5.7AI score0.00034EPSS

Exploits1References3

Vulnrichment•added 2025/10/03 12:0 a.m.•2 views

CVE-2025-60453

5.7AI score0.0001EPSS

Exploits1References1

Vulnrichment•added 2025/10/03 12:0 a.m.•2 views

CVE-2025-60448

5.7AI score0.00034EPSS

Exploits1References1

CVE•added 2025/10/03 12:0 a.m.•6 views

CVE-2025-60450

MetInfo CMS 8.0 is affected by a stored XSS in file upload handling. The vulnerability arises from insufficient validation and sanitization of SVG uploads in app\system\include\module\editor\Uploader.class.php, allowing an attacker to upload SVG files containing JavaScript that executes when view...

6.1CVSS5.7AI score0.0004EPSS

Exploits1References1Affected Software1

CVE•added 2025/10/03 12:0 a.m.•7 views

CVE-2025-60447

CVE-2025-60447 describes a stored XSS in Emlog Pro 2.5.19, in the email template configuration page (/admin/setting.php?action=mail). User input HTML is not sanitized, allowing persistent JavaScript execution. Connected advisories (Red Hat, CVE listings, PT Security) corroborate the issue and sug...

5.9CVSS5.7AI score0.00066EPSS

Exploits1References1Affected Software1

Cvelist•added 2025/10/03 12:0 a.m.•4 views

CVE-2025-60454

0.0001EPSS

Exploits1References1

Positive Technologies•added 2025/10/03 12:0 a.m.•3 views

PT-2025-40521

Name of the Vulnerable Software and Affected Versions MetInfo CMS version 8.0 Description A stored Cross-Site Scripting XSS issue exists in the download management module of the software. The vulnerability is located in the appsystemdownloadadmindownload admin.class.php component. Attackers can...

6.1CVSS6AI score0.00034EPSS

Exploits1References3

Vulnrichment•added 2025/10/03 12:0 a.m.•2 views

CVE-2025-60447

A stored Cross-Site Scripting XSS vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists in the email template configuration component located at /admin/setting.php?action=mail, which allows administrators to input HTML code that is not properly sanitized, leading to...

5.7AI score0.00066EPSS

Exploits1References1

Vulnrichment•added 2025/10/03 12:0 a.m.•2 views

CVE-2025-60454

5.7AI score0.0001EPSS

Exploits1References1

RedhatCVE•added 2025/10/02 11:27 p.m.•7 views

CVE-2025-60991

A reflected cross-site scripted XSS vulnerability in Codazon Magento Themes v1.1.0.0 to v2.4.7 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload injected into the cat parameter...

8.8CVSS6.6AI score0.0004EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by