CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

CVE•added 2026/01/28 6:43 a.m.•17 views

CVE-2025-14039

CVE-2025-14039 – Simple Folio (WordPress) Stored XSS : WordPress plugin Simple Folio is vulnerable to stored XSS via the meta fields _simple_folio_item_client_name and _simple_folio_item_link in all versions up to 1.1.1. Exploitation requires authenticated access at Contributor level or higher, e...

6.4CVSS6AI score0.00019EPSS

Exploits0References6

RedhatCVE•added 2026/01/14 11:19 p.m.•2 views

CVE-2022-50937

Ametys CMS v4.4.1 contains a persistent cross-site scripting vulnerability in the link directory's input fields for external links. Attackers can inject malicious script code in link text and descriptions to execute persistent attacks that compromise user sessions and manipulate application modul...

6.1CVSS6.5AI score0.00056EPSS

Exploits1References1

OSV•added 2026/01/13 11:15 p.m.•0 views

CVE-2022-50937

6.1CVSS5.8AI score

Exploits0References4

OSV•added 2025/03/19 6:52 p.m.•2 views

DRUPAL-CONTRIB-2025-024

This module adds a formatter for link fields that displays the current entity with another view mode inside the link. Drupal core does not sufficiently sanitize link element attributes, which can lead to a Cross Site Scripting vulnerability XSS. A separate fix for Drupal core has been released bu...

6.1CVSS6.3AI score0.00525EPSS

Exploits0References1

OSV•added 2024/05/30 9:25 p.m.•8 views

GHSA-75MX-CHCF-2Q32 Duplicate Advisory: TYPO3 Cross-Site Scripting vulnerability in typolinks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j5v7-9xr5-m7gx. This link is maintained to preserve external references. Original Description All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert...

6.1CVSS5.4AI score

Exploits0References6

Positive Technologies•added 2024/05/30 12:0 a.m.•3 views

PT-2024-40146 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: The issue concerns Cross-Site Scripting where authorized editors can insert javascript commands by using the url scheme javascript: in all link fields within the TYPO3 installation...

6.1CVSS6.7AI score

Exploits0References7

CNVD•added 2024/03/14 12:0 a.m.•21 views

Kirby CMS Cross-Site Scripting Vulnerability

Kirby is a document-based content management system CMS. A cross-site scripting vulnerability exists in Kirby CMS version v4.1.0, which stems from a lack of effective filtering and escaping of user-supplied data in link fields, and can be exploited by an attacker to execute arbitrary web script o...

6.1CVSS6AI score0.0009EPSS

Exploits1References1

CNNVD•added 2024/02/22 12:0 a.m.•1 views

Kirby 安全漏洞

6.1CVSS6AI score0.0009EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by