5056 matches found
CVE-2025-24297
CVE-2025-24297 affects Growatt Cloud Portal (Growatt Cloud Applications). Root cause: lack of server-side input validation leading to cross-site scripting. Vulnerable component/function: plant name handling during add/edit operations (stored XSS). Impact: attackers can inject JavaScript into user...
CVE-2025-24297 Growatt Cloud portal Cross-site Scripting
Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users' personal spaces of the web portal...
PT-2025-16496
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is due to a lack of server-side input validation, allowing attackers to inject malicious JavaScript code into users' personal spaces of the web portal. Recommendations: At the moment,...
CVE-2023-33844
IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
PT-2025-16183 · Ibm · Ibm Aspera Faspex
Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex versions 5.0.0 through 5.0.11 Description: The issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within...
SAP NetWeaver AS ABAP XSS (3559307)
The remote SAP NetWeaver ABAP server may be affected by an information disclosure vulnerability. SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an attacker, without requiring any...
Cross-site Scripting (XSS)
Overview: mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper handling ...
CVE-2025-32699 Potential javascript injection attack enabled by Unicode normalization in Action API
Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1; Parsoid: before 0.16.5, 0.19.2, 0.20.2...
CVE-2025-32699
CVE-2025-32699 affects Wikimedia Foundation MediaWiki and Parsoid. Affected: MediaWiki before 1.39.12, 1.42.6, 1.43.1; Parsoid before 0.16.5, 0.19.2, 0.20.2. Root cause: Unicode normalization enabling a potential JavaScript injection via Action API (i.e., abuse of the API to inject JS). Impacts: ...
CVE-2025-30148
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, a bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The...
CVE-2025-30148 Silverstripe Framework has an XSS vulnerability in HTML editor
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. Prior to 5.3.23, a bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The...
CVE-2025-26653
SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an attacker, without requiring any privileges, to inject malicious JavaScript into a website. When a user visits the compromised page,...
CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting (XSS)
Exploit Title: CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting (XSS) Date: 2024-08-15 Exploit Author: Raj Nandi Vendor Homepage: https://codeastro.com/ Software Link: https://codeastro.com/online-railway-reservation-system-in-php-with-source-code/ Version: 1.0 Tested on: Any ...
PT-2025-15981 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe Framework versions prior to 5.3.23 Description: A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front e...
CVE-2025-26653 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an attacker, without requiring any privileges, to inject malicious JavaScript into a website. When a user visits the compromised page,...
CVE-2025-26653
SAP NetWeaver Application Server ABAP is affected by a Stored XSS due to insufficient encoding of user-controlled inputs. Affected component: SAP NetWeaver AS ABAP (applications based on SAP GUI for HTML). Impact: attacker can inject and execute malicious JavaScript in a victim’s browser, comprom...
jQuery 3.3.1 Cross Site Scripting
jQuery version 3.3.1 proof of concept exploit that demonstrates cross site scripting via improper script handling and prototype pollution. Exploit Title: jQuery Prototype Pollution & XSS Exploit CVE-2019-11358 & CVE-2020-7656 Google Dork: N/A Date: 2025-02-13 Exploit Author: xOryus Vendor Homepag...