CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

OSV•added 2025/10/27 6:15 a.m.•0 views

CVE-2025-12229

A security flaw has been discovered in projectworlds Expense Management System 1.0. This affects an unknown function of the file /public/admin/roles/create of the component Roles Page. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been...

4.8CVSS4AI score0.00034EPSS

Exploits1References4

CVE•added 2025/10/27 5:32 a.m.•5 views

CVE-2025-12229

Projectworlds Expense Management System 1.0 is reportedly vulnerable to cross-site scripting via the /public/admin/roles/create function in the Roles Page. Affected component is the Roles Page, with the root cause described as manipulation of an unknown function in that file. The vulnerability en...

4.8CVSS2.9AI score0.00034EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2025/10/27 12:0 a.m.•2 views

PT-2025-43885

Name of the Vulnerable Software and Affected Versions projectworlds Expense Management System version 1.0 Description A weakness exists in projectworlds Expense Management System version 1.0 that allows for cross site scripting. The issue impacts an unknown function within the Currency Page...

4.8CVSS5AI score0.00034EPSS

Exploits1References7

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2025-26698

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.00061EPSS

Exploits0References1

Veracode•added 2025/08/20 6:34 a.m.•2 views

Reflected Cross Site Scripting (XSS)

microweber/microweber is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to improper validation of the layout parameter on the /admin/page/create page, which allows arbitrary JavaScript execution in the context of authenticated admin users...

6.1CVSS6.5AI score0.00218EPSS

Exploits1References5Affected Software1

Snyk•added 2025/08/01 6:31 p.m.•2 views

Cross-site Scripting (XSS)

Overview microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the layout parameter on the /admin/page/create page. An attacker can execute arbitrary JavaScript in the context of authenticated admin users...

6.1CVSS5.4AI score0.00218EPSS

Exploits1References2

OSV•added 2025/08/01 5:15 p.m.•3 views

CVE-2025-51502

Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...

6.1CVSS6.1AI score0.00218EPSS

Exploits1References3

CNNVD•added 2025/08/01 12:0 a.m.•2 views

Microweber CMS 安全漏洞

Microweber CMS is a drag-and-drop website builder from Microweber Open Source. A security vulnerability exists in Microweber CMS version 2.0, which stems from reflected cross-site scripting in the layout parameter in the /admin/page/create page, which could lead to arbitrary JavaScript execution...

6.1CVSS6AI score0.00218EPSS

Exploits1References4

NVD•added 2023/12/07 7:15 a.m.•8 views

CVE-2023-48824

BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the title, subtitle, footer, or keywords parameter in a page=create action...

5.4CVSS0.00193EPSS

Exploits2References1

Prion•added 2023/12/07 7:15 a.m.•10 views

Cross site scripting

BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the title, subtitle, footer, or keywords parameter in a page=create action...

4.9CVSS5.9AI score0.00193EPSS

Exploits2References1Affected Software1

Cvelist•added 2023/12/07 12:0 a.m.•14 views

CVE-2023-48824

BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the title, subtitle, footer, or keywords parameter in a page=create action...

5.5AI score0.00193EPSS

Exploits2References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by