3249 matches found

OSV
added 2025/12/18 8:15 p.m. | 3 views

CVE-2024-58321

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form validation rule configuration. Attackers can exploit this vulnerability to execute malicious scripts that will run in users' browsers...

CVSS 5.4 | AI score 5.8 | EPSS 0.00138
Exploits: 0 | References: 2

NVD
added 2025/12/18 8:15 p.m. | 3 views

CVE-2024-58318

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in...

CVSS 6.1 | EPSS 0.00139
Exploits: 0 | References: 2

OSV
added 2025/12/18 8:15 p.m. | 3 views

CVE-2020-36891

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to upload files with spoofed Content-Type that do not match file extensions. Attackers can exploit this vulnerability by uploading malicious files with manipulated MIME types, allowing malicious scripts to execute i...

CVSS 5.4 | AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 2

OSV
added 2025/12/18 8:15 p.m. | 3 views

CVE-2022-50680

A stored cross-site scripting vulnerability in Kentico Xperience allows administration users to inject malicious scripts via email marketing templates. Attackers can exploit this vulnerability to execute malicious scripts that could compromise user browsers and steal sensitive information...

CVSS 4.8 | AI score 5.8
Exploits: 0 | References: 2

NVD
added 2025/12/18 8:15 p.m. | 4 views

CVE-2022-50680

A stored cross-site scripting vulnerability in Kentico Xperience allows administration users to inject malicious scripts via email marketing templates. Attackers can exploit this vulnerability to execute malicious scripts that could compromise user browsers and steal sensitive information...

CVSS 5.1 | EPSS 0.0017
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/18 7:53 p.m. | 4 views

CVE-2022-50683 Kentico Xperience <= 13.0.74 Form Configuration Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form redirect URL configuration. This allows malicious scripts to execute in users' browsers through unvalidated form configuration settings...

CVSS 5.4 | AI score 5.9 | EPSS 0.00138
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/18 7:53 p.m. | 2 views

CVE-2020-36889 Kentico Xperience <= 12.0.90 Administration Interface Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages containing specially crafted object names. This allows malicious scripts to execute in users' browsers when administrators view error messages in the administration...

CVSS 5.4 | AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/18 12:00 a.m. | 4 views

PT-2025-52302

Name of the Vulnerable Software and Affected Versions: Kentico Xperience (affected versions not specified)
Description: A stored cross-site scripting issue exists in Kentico Xperience. Administration users can inject malicious scripts through email marketing templates. Exploitation allows attackers t...

CVSS 5.1 | AI score 5.8 | EPSS 0.0017
Exploits: 0 | References: 5

CNNVD
added 2025/12/18 12:00 a.m. | 3 views

Kentico Xperience cross-site scripting vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

CVSS 5.4 | AI score 5.9 | EPSS 0.00138
Exploits: 0 | References: 2

CNNVD
added 2025/12/18 12:00 a.m. | 2 views

Kentico Xperience cross-site scripting vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

CVSS 5.4 | AI score 5.9 | EPSS 0.00138
Exploits: 0 | References: 2

CNNVD
added 2025/12/18 12:00 a.m. | 3 views

Kentico Xperience cross-site scripting vulnerability

Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience email marketing templates, which can be exploited by attackers to execute malicious scripts that can compromise a user's browser and steal sensitive information...

CVSS 5.1 | AI score 5.7 | EPSS 0.0017
Exploits: 0 | References: 2

CNNVD
added 2025/12/18 12:00 a.m. | 3 views

Kentico Xperience cross-site scripting vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious script in an administrator user's browser...

CVSS 6.1 | AI score 5.7 | EPSS 0.00155
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/18 12:00 a.m. | 2 views

PT-2025-52305

Name of the Vulnerable Software and Affected Versions: Kentico Xperience (affected versions not specified)
Description: A stored cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through the form redirect URL configuration. Successful exploitati...

CVSS 5.4 | AI score 5.8 | EPSS 0.00138
Exploits: 0 | References: 5

Cvelist
added 2025/12/17 10:44 p.m. | 17 views

CVE-2023-53915 Zenphoto 1.6 Stored Cross-Site Scripting via Album Description

Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users vi...

CVSS 5.1 | EPSS 0.00255
Exploits: 1 | References: 3

Positive Technologies
added 2025/12/17 12:00 a.m. | 3 views

PT-2025-51970

Name of the Vulnerable Software and Affected Versions: Serendipity version 2.4.0
Description: An authenticated user can inject malicious scripts through blog entry creation. An attacker can create blog entries with JavaScript payloads that execute when other users view the compromised post. This is...

CVSS 5.4 | AI score 5.8 | EPSS 0.00205
Exploits: 1 | References: 9

Positive Technologies
added 2025/12/17 12:00 a.m. | 12 views

PT-2025-51969

Name of the Vulnerable Software and Affected Versions: Revive Adserver version 5.4.1
Description: Revive Adserver 5.4.1 has a cross-site scripting issue in the banner advanced configuration page. This allows attackers to inject malicious scripts. An attacker can create a malicious link to the...

CVSS 6.1 | AI score 5.8 | EPSS 0.02256
Exploits: 1 | References: 7

RedhatCVE
added 2025/12/16 8:44 p.m. | 3 views

CVE-2023-53890

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...

CVSS 5.4 | AI score 6.1 | EPSS 0.00198
Exploits: 1 | References: 1

CVE
added 2025/12/15 8:28 p.m. | 7 views

CVE-2023-53891

Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability exploitable by authenticated users via the page modification interface. Malicious JavaScript payloads inserted into page content can execute when other users view the affected page. Root cause and impact are as described in con...

CVSS 5.4 | AI score 5.6 | EPSS 0.00205
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2025/12/15 12:00 a.m. | 4 views

Coppermine Photo Gallery security vulnerability

Coppermine Photo Gallery (CPG) is a web-based photo album management system written in PHP by the Coppermine team. The system provides user management, album password access restrictions, automatic generation of thumbnails and other features. A security vulnerability exists in Coppermine Photo Galle...

CVSS 8.8 | AI score 8.2 | EPSS 0.00731
Exploits: 1 | References: 5

Veracode
added 2025/12/13 6:56 a.m. | 7 views

Cross-site Scripting (XSS)

Magento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a...

CVSS 8.4 | AI score 8.5 | EPSS 0.007
Exploits: 0 | References: 2 | Affected Software: 1