CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3 matches found

Vulnrichment•added 2026/03/04 1:55 a.m.•1 views

CVE-2026-3244 Concrete CMS below version 9.4.8 is vulnerable to Stored XSS in Search Results via Page Names

In Concrete CMS below version 9.4.8, A stored cross-site scripting XSS vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search results. This allows authenticated, rogue administrators to inject malicious JavaScript through page nam...

4.8CVSS5.8AI score0.00011EPSS

Exploits1References2

RedhatCVE•added 2025/12/24 7:36 p.m.•2 views

CVE-2021-47733

CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like '-alert1// and execute arbitrary JavaScript when victims interact with delete buttons...

6.1CVSS6.4AI score0.00025EPSS

Exploits1References1

CNNVD•added 2023/12/08 12:0 a.m.•1 views

Qualys Web Application Cross-Site Scripting Vulnerability

Qualys Web Application is a web application from Qualys, Inc. A cross-site scripting vulnerability exists in Qualys Web Application versions prior to 10.24.0.0, which arises from a lack of HTML coding when presenting logging information to a user, allowing a user with login access to the...

5.7CVSS5.1AI score0.0055EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by