CVE-2025-15611
The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...
IBM Content Navigator Cross-Site Scripting Vulnerability (CNVD-2026-16875)
IBM Content Navigator is an enterprise content management and collaboration platform for document management, workflow and content retrieval. A cross-site scripting vulnerability exists in IBM Content Navigator. The vulnerability stems from a failure to properly process user input and can be...
Improper Privilege Management
ci4-cms-erp/ci4ms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization and output encoding of user-controlled profile name input, which allows an attacker to inject and execute malicious JavaScript in application views...
IBM Content Navigator Security Vulnerability
IBM Content Navigator is an enterprise content management and collaboration platform for document management, workflow and content retrieval. A cross-site scripting vulnerability exists in IBM Content Navigator. The vulnerability stems from a failure to properly process user input and can be...
CVE-2026-20915 Stored cross-site scripting in Pending Changes sidebar
Stored cross-site scripting (XSS) in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar...
CVE-2025-60948
Census CSWeb 8.0.1 allows stored cross-site scripting in user-supplied fields. A remote, authenticated attacker could store malicious JavaScript that executes in a victim's browser. Fixed in 8.1.0 alpha...
CVE-2025-60948
CVE-2025-60948 affects Census CSWeb 8.0.1, which allows stored cross-site scripting in user-supplied fields. A remote, authenticated attacker could store malicious JavaScript that executes in a victim’s browser. The issue is fixed in version 8.1.0 alpha. If you use CSWeb, upgrade to 8.1.0 alpha o...
FreeScout Security Vulnerability
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout 1.8.208 and earlier contain security vulnerabilities. These vulnerabilities stem from issues with the attachment handling logic and the SVG...
PT-2026-26204
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and inject malicious JavaScript that executes when the...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-13974)
Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-13975)
Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
EUVD-2026-11751
wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpload class. Attackers can craft malicious attachment records or filter hooks to inject arbitrary...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the upload of .prologue.html file when a crafted URL is accessed. An attacker can execute arbitrary JavaScript in the context of another user's session by uploading a malicious .prologue.html file and tricki...
EUVD-2026-11014
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
EUVD-2026-10962
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2026-27223
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2026-27256
CVE-2026-27256 affects Adobe Experience Manager 6.5.23 and earlier. It is a stored XSS in form fields, allowing a low-privileged attacker to inject JavaScript executed in victims’ browsers. Remediation: update to 6.5.24 or later (vendor advisories indicate fixes were released).
CVE-2026-3343
A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...
CVE-2026-3455
Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting (XSS) via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...
PT-2026-22733
A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7...