CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3242 matches found

Positive Technologies•added 2025/12/18 12:0 a.m.•2 views

PT-2025-52305

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A stored cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through the form redirect URL configuration. Successful exploitati...

5.4CVSS5.8AI score0.00024EPSS

Exploits0References5

CNNVD•added 2025/12/18 12:0 a.m.•1 views

Kentico Xperience 跨站脚本漏洞

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute malicious script in an administrator user's browser...

6.1CVSS5.7AI score0.00024EPSS

Exploits0References2

Positive Technologies•added 2025/12/18 12:0 a.m.•4 views

PT-2025-52302

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A stored cross-site scripting issue exists in Kentico Xperience. Administration users can inject malicious scripts through email marketing templates. Exploitation allows attackers t...

5.1CVSS5.8AI score0.00022EPSS

Exploits0References5

CNNVD•added 2025/12/18 12:0 a.m.•2 views

Kentico Xperience 跨站脚本漏洞

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

5.4CVSS5.9AI score0.00024EPSS

Exploits0References2

CNNVD•added 2025/12/18 12:0 a.m.•2 views

Kentico Xperience 跨站脚本漏洞

Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience email marketing templates, which can be exploited by attackers to execute malicious scripts that can compromise a user's browser and steal sensitive information...

5.1CVSS5.7AI score0.00022EPSS

Exploits0References2

CNNVD•added 2025/12/18 12:0 a.m.•2 views

Kentico Xperience 跨站脚本漏洞

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...

5.4CVSS5.9AI score0.00024EPSS

Exploits0References2

Cvelist•added 2025/12/17 10:44 p.m.•17 views

CVE-2023-53915 Zenphoto 1.6 Stored Cross-Site Scripting via Album Description

Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users vi...

5.1CVSS0.00024EPSS

Exploits1References3

Positive Technologies•added 2025/12/17 12:0 a.m.•7 views

PT-2025-51969

Name of the Vulnerable Software and Affected Versions Revive Adserver version 5.4.1 Description Revive Adserver 5.4.1 has a cross-site scripting issue in the banner advanced configuration page. This allows attackers to inject malicious scripts. An attacker can create a malicious link to the...

6.1CVSS5.8AI score0.00024EPSS

Exploits1References7

Positive Technologies•added 2025/12/17 12:0 a.m.•3 views

PT-2025-51970

Name of the Vulnerable Software and Affected Versions Serendipity version 2.4.0 Description An authenticated user can inject malicious scripts through blog entry creation. An attacker can create blog entries with JavaScript payloads that execute when other users view the compromised post. This is...

5.4CVSS5.8AI score0.00024EPSS

Exploits1References9

RedhatCVE•added 2025/12/16 8:44 p.m.•2 views

CVE-2023-53890

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...

5.4CVSS6.1AI score0.00025EPSS

Exploits1References1

CVE•added 2025/12/15 8:28 p.m.•7 views

CVE-2023-53891

Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability exploitable by authenticated users via the page modification interface. Malicious JavaScript payloads inserted into page content can execute when other users view the affected page. Root cause and impact are as described in con...

5.4CVSS5.6AI score0.00024EPSS

Exploits1References3Affected Software1

CNNVD•added 2025/12/15 12:0 a.m.•3 views

Coppermine Photo Gallery 安全漏洞

Coppermine Photo Gallery CPG is a web-based photo album management system written in PHP by Coppermine team. The system provides user management, album password access restrictions and automatic generation of thumbnails and other features. A security vulnerability exists in Coppermine Photo Galle...

8.8CVSS8.2AI score0.00505EPSS

Exploits1References5

Veracode•added 2025/12/13 6:56 a.m.•4 views

Cross-site Scripting (XSS)

Magento versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a...

8.4CVSS8.5AI score0.00709EPSS

Exploits0References2Affected Software1

Veracode•added 2025/12/13 6:16 a.m.•5 views

Cross Site Scripting (XSS)

code16/sharp is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation and output encoding in src/Form/Fields/SharpFormUploadField.php, which allows an attacker to inject and execute arbitrary malicious scripts in a victim’s browser...

6.1CVSS6.8AI score0.0003EPSS

Exploits0References7Affected Software1

Veracode•added 2025/12/13 6:8 a.m.•10 views

Stored Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization in the dataheadertemplate parameter at the /admin/pages/page endpoint, which allows an attacker to inject and store malicious scripts that execute when the content is rendere...

6.2CVSS6AI score0.00024EPSS

Exploits1References2Affected Software1

EUVD•added 2025/12/12 7:23 a.m.•1 views

EUVD-2025-203048

Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...

5.1CVSS5.9AI score0.00025EPSS

Exploits0References2

RedhatCVE•added 2025/12/11 7:1 p.m.•4 views

CVE-2025-64840

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.6AI score0.00025EPSS

Exploits0References1

RedhatCVE•added 2025/12/11 7:1 p.m.•3 views

CVE-2025-64619

5.4CVSS5.5AI score0.00025EPSS

Exploits0References1

RedhatCVE•added 2025/12/11 7:1 p.m.•2 views

CVE-2025-64572

5.4CVSS5.5AI score0.00025EPSS

Exploits0References1

RedhatCVE•added 2025/12/11 7:1 p.m.•4 views

CVE-2025-64541