CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

45 matches found

GithubExploit•added 2026/02/06 8:43 a.m.•127 views

XSS-Lab-Handson-3-TI-WEB2

Nama : Ronald Saut Manurung NIM : 2481022 Prodi : Tekni...

5.2AI score

Exploits0

NVD•added 2025/12/15 9:15 p.m.•2 views

CVE-2023-53887

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...

5.4CVSS0.00024EPSS

Exploits1References3

Cvelist•added 2025/12/15 8:28 p.m.•22 views

CVE-2023-53887 Zomplog 3.9 Cross-Site Scripting Vulnerability via Page Creation

5.1CVSS0.00024EPSS

Exploits1References3

Vulnrichment•added 2025/12/15 8:28 p.m.•3 views

CVE-2023-53887 Zomplog 3.9 Cross-Site Scripting Vulnerability via Page Creation

5.1CVSS6.1AI score0.00024EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-19147

Malware in sbrugna...

7.8CVSS7.7AI score0.01462EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-10262

Malware in sbrugna...

6.1CVSS6.3AI score0.0024EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-4529

Malware in sbrugna...

5.4CVSS5.6AI score0.02887EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-5215

Malware in sbrugna...

5.4CVSS5.5AI score0.00206EPSS

Exploits1References3

Tenable Nessus•added 2025/08/27 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2025-30349

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail...

7.2CVSS5.3AI score0.40309EPSS

Exploits0References3

CVE•added 2025/07/25 12:0 a.m.•20 views

CVE-2025-46198

CVE-2025-46198 affects Grav CMS versions 1.7.46–1.7.48. The vulnerability is a Cross-Site Scripting flaw that allows an attacker to execute arbitrary code through the onerror attribute of the img element. Root cause is an unvalidated onerror attribute, enabling script execution in contexts honori...

8.8CVSS7AI score0.00684EPSS

Exploits1References2Affected Software1

RedhatCVE•added 2025/05/22 8:27 a.m.•3 views

CVE-2019-13948

SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...

5.4CVSS5.8AI score0.00206EPSS

Exploits1References1

SUSE CVE•added 2025/04/11 9:54 a.m.•1 views

SUSE CVE-2013-1086

Cross-site scripting XSS vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute...

4.3CVSS6AI score0.00677EPSS

Exploits0References4

OSV•added 2025/03/21 5:15 p.m.•1 views

DEBIAN-CVE-2025-30349

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...

7.2CVSS5.1AI score0.40309EPSS

Exploits0References1

SUSE CVE•added 2023/02/15 4:26 a.m.•2 views

SUSE CVE-2018-13065

ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured...

6.1CVSS6.2AI score0.00284EPSS

Exploits3References3

NVD•added 2022/12/26 2:15 a.m.•9 views

CVE-2022-37307

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature...

6.1CVSS0.01122EPSS

Exploits2References2

CNNVD•added 2022/10/12 12:0 a.m.•1 views

Zimbra Collaboration Suite 跨站脚本漏洞

Synacor Zimbra Collaboration Suite ZCS is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A cross-site scripting vulnerability exists in Zimbra Collaboration Suite version 9.0.0, which stems from the lack of effective filtering...

6.1CVSS6AI score0.01073EPSS

Exploits0References3

Github Security Blog•added 2022/06/12 12:0 a.m.•27 views

Cross site scripting in intelliants/subrion

An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting XSS vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute...

5.4CVSS0.8AI score0.00206EPSS

Exploits1References3Affected Software1

Prion•added 2022/06/11 2:15 p.m.•6 views

Cross site scripting

3.5CVSS5.3AI score0.00206EPSS

Exploits1References1Affected Software1

CNNVD•added 2022/06/11 12:0 a.m.•1 views

Subrion CMS 跨站脚本漏洞

Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into websites and supports a variety of extensions plugins and more. A security vulnerability exists in Subrion CMS version v4.2.1 that stems from the presence of a stored cross-site...

5.4CVSS5.7AI score0.00206EPSS

Exploits1References2

CNNVD•added 2021/05/25 12:0 a.m.•1 views

postbird 跨站脚本漏洞

postbird is a software application. for a cross-platform PostgreSQL GUI client written in JavaScript that runs with Electron. A cross-site scripting vulnerability exists in Postbird version 0.8.4, which stems from allowing XSS to be stored via the onerror attribute of the IMG element of any...

5.4CVSS5.3AI score0.00689EPSS

Exploits4References12

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by