CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/02/11 5:37 p.m.•90 views

CVE-2025-24412

CVE-2025-24412 affects Adobe Commerce and Magento Open Source, with stored XSS in vulnerable form fields across multiple 2.4.x releases (e.g., 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier). The underlying issue is a stored XSS that an attacker with low privileges can abuse to...

8.7CVSS7.5AI score0.00656EPSS

Vulnrichment•added 2025/02/11 5:37 p.m.•8 views

CVE-2025-24428 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

5.4CVSS5.3AI score0.0038EPSS

CVE•added 2025/02/11 5:37 p.m.•71 views

CVE-2025-24428

CVE-2025-24428 concerns a stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce. Affected are Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The flaw allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, w...

5.4CVSS5.3AI score0.0038EPSS

Vulnrichment•added 2025/02/11 5:37 p.m.•11 views

CVE-2025-24410 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

8.7CVSS5.2AI score0.00656EPSS

CVE•added 2025/02/11 5:37 p.m.•107 views

CVE-2025-24410

Adobe Commerce (Magento) stores XSS in forms across versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier. The underlying issue allows low-privilege attackers to inject malicious scripts, potentially leading to session takeover and compromising confidentiality and integrity. ...

8.7CVSS7.5AI score0.00656EPSS

Cvelist•added 2025/02/11 5:37 p.m.•13 views

CVE-2025-24410 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

8.7CVSS0.00656EPSS

CNNVD•added 2025/02/11 12:0 a.m.•3 views

Adobe Commerce 跨站脚本漏洞

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. A cross-site scripting vulnerability exists in Adobe Commerce, which can be exploited by an attacker to inject malicious script into vulnerable form...

8.7CVSS6.1AI score0.00656EPSS

CNNVD•added 2025/02/11 12:0 a.m.•2 views

Adobe Commerce 跨站脚本漏洞

5.4CVSS6.1AI score0.0038EPSS

CNNVD•added 2025/02/11 12:0 a.m.•2 views

Adobe Commerce 跨站脚本漏洞

Adobe Commerce is the United States of America Odobie Adobe company of a kind for merchants and brands of the world's leading digital commerce solutions. A cross-site scripting vulnerability exists in Adobe Commerce, which can be exploited by an attacker to inject malicious script into vulnerable...

8.7CVSS6AI score0.00656EPSS

CNNVD•added 2025/02/11 12:0 a.m.•3 views

Adobe Commerce 跨站脚本漏洞

8.7CVSS6.1AI score0.00656EPSS

Vulnrichment•added 2025/02/06 12:0 a.m.•8 views

CVE-2024-57427

PHPJabbers Cinema Booking System v2.0 is vulnerable to reflected cross-site scripting XSS. Multiple endpoints improperly handle user input, allowing malicious scripts to execute in a victim’s browser. Attackers can craft malicious links to steal session cookies or conduct phishing attacks...

6.1AI score0.00411EPSS

Exploits4References2

RedhatCVE•added 2025/02/05 11:4 p.m.•6 views

CVE-2022-1912

The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbuttonsettings page. This makes it possible for unauthenticated attackers to update the plugins settings an...

8.8CVSS6.3AI score0.00493EPSS

RedhatCVE•added 2025/02/05 6:14 p.m.•7 views

CVE-2019-25214

The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as updating...

7.2CVSS6.8AI score0.00325EPSS

NVD•added 2025/02/05 12:15 a.m.•12 views

CVE-2024-53962

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

NVD•added 2025/02/05 12:15 a.m.•12 views

CVE-2024-53964

Cvelist•added 2025/02/04 11:40 p.m.•11 views

CVE-2024-53966 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

CVE•added 2025/02/04 11:40 p.m.•54 views

CVE-2024-53966

CVE-2024-53966 concerns Adobe Experience Manager (AEM) versions 6.5.21 and earlier, affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. A low-privileged attacker could inject malicious scripts, which execute in a victim’s browser when they access the affected ...

5.4CVSS5.4AI score0.00368EPSS

Cvelist•added 2025/02/04 11:40 p.m.•10 views

CVE-2024-53964 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

CNNVD•added 2025/02/04 12:0 a.m.•4 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS6.5AI score0.00368EPSS