PT-2025-14183 · Maksym Marko · Mx Time Zone Clocks
Name of the Vulnerable Software and Affected Versions: Maksym Marko MX Time Zone Clocks versions n/a through 5.1.1. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an...
GHSA-HP88-HFJW-2HG4 Duplicate Advisory: HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-f7jh-m6wp-jm7f. This link is maintained to preserve external references. Original Description: A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when a...
PT-2025-13530 · Red Hat · Jboss Eap Management Console
Name of the Vulnerable Software and Affected Versions: JBoss EAP Management Console, affected versions not specified. Description: A stored Cross-site scripting issue occurs when the application fails to properly sanitize user input before storing it, allowing malicious scripts to execute in the...
Moodle Cross-Site Scripting Vulnerability
Moodle is an open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle. The vulnerability stems from insufficient cleanup and leads to a cross-site scripting...
Moodle Cross-Site Scripting Vulnerability (CNVD-2025-09240)
Moodle is an open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle. The vulnerability stems from insufficient cleanup and leads to a cross-site scripting...
Cross-Site Scripting (XSS)
clickstorm/cs-seo is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper encoding of user input in the TYPO3 backend user interface, allowing a logged-in backend user to inject malicious scripts...
CVE-2024-10721
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which can be executed in the context of other users who view the affected page. The issue occurs in the circuits...
CVE-2024-11045
A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at...
GHSA-W6HH-W36C-VXMW LocalAI Cross-Site Scripting (XSS) vulnerability in its search functionality
mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution of malicious scripts...
Cross-site Scripting (XSS)
Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the chat file upload functionality. An attacker can inject malicious scripts or content into a file, which, when accessed by a victim through a URL or shared chat, executes...
CVE-2025-0183
A stored cross-site scripting (XSS) vulnerability exists in the Latex Proof-Reading Module of binary-husky/gptacademic version 3.9.0. This vulnerability allows an attacker to inject malicious scripts into the debuglog.html file generated by the module. When an admin visits this debug report, the...
CVE-2024-9107
A stored cross-site scripting (XSS) vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. The vulnerability arises from improper sanitization of HTML tags in chat history uploads. Specifically, the sanitization logic fails to handle HTML tags within code...
CVE-2024-10721 Stored XSS in phpipam/phpipam
A stored cross-site scripting (XSS) vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which can be executed in the context of other users who view the affected page. The issue occurs in the circuits...
CVE-2025-0192 Stored Cross-site Scripting (XSS) in wandb/openui
A stored Cross-site Scripting (XSS) vulnerability exists in the latest version of wandb/openui. The vulnerability is present in the edit HTML functionality, where an attacker can inject malicious scripts. When the modified HTML is shared with another user, the XSS payload executes, potentially...
CVE-2024-11045
The CVE-2024-11045 CSWSH issue affects automatic1111/stable-diffusion-webui 1.10.0, where lack of validation for WebSocket connections at ws://127.0.0.1:7860/queue/join enables unauthorized actions such as cloning server extensions, running malicious scripts, data exfiltration, and potential DoS....
CVE-2024-9107
CVE-2024-9107 describes a stored XSS in the gaizhenbiao/chuanhuchatgpt repository (version git 20b2e02) caused by improper sanitization of HTML tags in chat history uploads. The sanitization fails to handle HTML within code blocks, enabling injection of malicious JavaScript into the user’s browse...
CVE-2024-10719 Stored Cross-site Scripting (XSS) in phpipam/phpipam
A stored cross-site scripting (XSS) vulnerability exists in phpipam version 1.5.2, specifically in the circuits options functionality. This vulnerability allows an attacker to inject malicious scripts via the 'option' parameter in the POST request to...
CVE-2024-9900 Cross-Site Scripting (XSS) in mudler/localai
mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution of malicious scripts...