CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

39 matches found

RedhatCVE•added 2026/06/07 8:59 a.m.•15 views

CVE-2026-7795

The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...

6.4CVSS5.8AI score0.00288EPSS

Exploits0References1

NVD•added 2026/06/06 4:17 a.m.•15 views

CVE-2026-7795

6.4CVSS0.00288EPSS

Exploits0References11

CVE•added 2026/06/06 2:28 a.m.•23 views

CVE-2026-7795

The CVE covers the WordPress plugin Click to Chat – WA Widget. Affected component: the [chat] shortcode, parameter num. Root cause: insufficient escaping of user-supplied shortcode attributes inside a JavaScript string that ends up in an HTML onclick attribute; esc_attr() converts quotes to ', wh...

6.4CVSS5.8AI score0.00288EPSS

Exploits0References11

Cvelist•added 2026/06/06 2:28 a.m.•41 views

CVE-2026-7795 Click to Chat <= 4.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'num' Shortcode Parameter

6.4CVSS0.00288EPSS

Exploits0References11

ATTACKERKB•added 2026/06/06 2:28 a.m.•5 views

CVE-2026-7795

6.4CVSS5.8AI score0.00288EPSS

Exploits0References12

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2002-0944

Malware in sbrugna...

7.5CVSS6AI score0.0855EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2012-2721

Malware in sbrugna...

4.3CVSS6.2AI score0.02863EPSS

Exploits1References9

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2011-4834

Malware in sbrugna...

4.3CVSS6.1AI score0.02108EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2017-3197

Malware in sbrugna...

9.8CVSS9.5AI score0.01454EPSS

Exploits1References2

RedhatCVE•added 2025/05/23 9:1 a.m.•3 views

CVE-2024-37622

Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting XSS vulnerability via the num parameter at /flow/flow.php...

6.1CVSS5.8AI score0.0027EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 3:21 a.m.•5 views

CVE-2012-2741

Cross-site scripting XSS vulnerability in publichtml/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action...

4.3CVSS5.8AI score0.02863EPSS

Exploits1References1

NVD•added 2024/06/17 2:15 p.m.•13 views

CVE-2024-37622

Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting XSS vulnerability via the num parameter at /flow/flow.php...

6.1CVSS0.0027EPSS

Exploits1References1

OSV•added 2024/06/17 2:15 p.m.•3 views

CVE-2024-37622

Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting XSS vulnerability via the num parameter at /flow/flow.php...

6.1CVSS5.7AI score0.0027EPSS

Exploits1References1

Vulnrichment•added 2024/06/17 12:0 a.m.•14 views

CVE-2024-37622

Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting XSS vulnerability via the num parameter at /flow/flow.php...

6.3AI score0.0027EPSS

Exploits1References1

Positive Technologies•added 2024/06/17 12:0 a.m.•3 views

PT-2024-27679 · Unknown · Xinhu Rockoa

Name of the Vulnerable Software and Affected Versions: Xinhu RockOA version 2.6.3 Description: A reflected cross-site scripting XSS issue was found in Xinhu RockOA via the num parameter at the "/flow/flow.php" endpoint. Recommendations: For version 2.6.3, avoid using the num parameter in the...

6.1CVSS5.6AI score0.0027EPSS

Exploits1References3

CNNVD•added 2024/06/17 12:0 a.m.•3 views

RockOA Cross-Site Scripting Vulnerability

RockOA Xinhu is an open source office OA system. A cross-site scripting vulnerability exists in Xinhu RockOA v2.6.3, which originates from a cross-site scripting vulnerability in the num parameter on /flow/flow.php...

6.1CVSS6.2AI score0.0027EPSS

Exploits1References2

Cvelist•added 2024/06/17 12:0 a.m.•23 views

CVE-2024-37622

Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting XSS vulnerability via the num parameter at /flow/flow.php...

0.0027EPSS

Exploits1References1

CVE•added 2024/06/17 12:0 a.m.•48 views

CVE-2024-37622

Xinhu RockOA v2.6.3 has a reflected XSS vulnerability in the num parameter of /flow/flow.php. The issue is confirmed across multiple sources: Xinhu RockOA v2.6.3, with potential impact to users via an attacker-supplied input reflected in the page. Remediation guidance found in PT-2024-27679 recom...

6.1CVSS6.2AI score0.0027EPSS

Exploits1References1Affected Software1

OSV•added 2024/02/01 11:15 p.m.•2 views

CVE-2024-23032

Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL...

6.1CVSS6AI score0.00458EPSS

Exploits1References1

Positive Technologies•added 2024/02/01 12:0 a.m.•4 views

PT-2024-19640 · Eyoucms · Eyoucms

Name of the Vulnerable Software and Affected Versions: eyoucms version 1.6.5 Description: The issue is related to a Cross Site Scripting vulnerability in the num parameter, allowing a remote attacker to run arbitrary code via a crafted URL. Recommendations: For eyoucms version 1.6.5, consider...

6.1CVSS6.2AI score0.00458EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by