CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

137 matches found

Cvelist•added 2026/06/02 2:7 p.m.•34 views

CVE-2026-7299 CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

6.3CVSS0.0004EPSS

Exploits2References5

Vulnrichment•added 2026/05/27 5:4 p.m.•11 views

CVE-2026-46426 Budibase: Unrestricted Upload of File with Dangerous Type

Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...

7.6CVSS5.8AI score0.00033EPSS

Exploits0References2

Cvelist•added 2026/05/16 3:25 p.m.•34 views

CVE-2020-37233 WordPress Plugin Buddypress 6.2.0 Persistent Cross-Site Scripting

WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like...

6.4CVSS0.00032EPSS

Exploits0References3

EUVD•added 2026/05/16 3:25 p.m.•5 views

EUVD-2020-31235

6.4CVSS5.8AI score0.00032EPSS

Exploits0References3

CVE•added 2026/05/15 6:36 p.m.•13 views

CVE-2021-47963

CVE-2021-47963 affects Anote 1.0 and describes a persistent cross-site scripting vulnerability in which attackers can inject malicious payloads into markdown files stored by the application. When a crafted markdown file containing embedded JavaScript is opened, it can execute system commands on t...

7.2CVSS6.5AI score0.00027EPSS

Exploits0References3

Vulnrichment•added 2026/05/15 6:36 p.m.•8 views

CVE-2021-47962 Savsoft Quiz 5.0 Persistent Cross-Site Scripting via User Settings

Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers can inject script payloads into user profile fields at the edituser endpoint, which execute in th...

6.4CVSS5.7AI score0.00034EPSS

Exploits0References4

NVD•added 2026/05/13 4:16 p.m.•7 views

CVE-2020-37222

Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...

7.2CVSS0.001EPSS

Exploits0References4

CVE•added 2026/05/13 2:22 p.m.•8 views

CVE-2020-37225

Powie’s WHOIS Domain Check 0.9.31 has a persistent cross-site scripting (XSS) vulnerability in pwhois_settings.php, exploitable by authenticated attackers via unsanitized input in plugin settings (textarea/input fields). This can execute JavaScript in the admin context and may enable privilege es...

6.4CVSS5.9AI score0.00036EPSS

Exploits0References5

Vulnrichment•added 2026/05/13 2:22 p.m.•7 views

CVE-2020-37222 Kuicms Php EE 2.0 Persistent Cross-Site Scripting via bbs reply

7.2CVSS5.9AI score0.001EPSS

Exploits0References4

Cvelist•added 2026/05/10 12:52 p.m.•34 views

CVE-2021-47950 Advanced Guestbook 2.4.4 Persistent XSS via Smilies

Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulating the semotion parameter. Attackers can submit POST requests to admin.php with JavaScript code in...

6.4CVSS0.00037EPSS

Exploits0References3

Vulnrichment•added 2026/04/29 7:24 p.m.•0 views

CVE-2018-25309 MyBB Recent threads 17.0 Persistent Cross-Site Scripting

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browser...

7.2CVSS5.3AI score0.00028EPSS

Exploits1References3

Vulnrichment•added 2026/03/15 6:34 p.m.•1 views

CVE-2015-20113 RealtyScript 4.0.2 Multiple Cross-Site Request Forgery and Persistent Cross-Site Scripting Vulnerabilities

Next Click Ventures RealtyScript 4.0.2 contains cross-site request forgery and persistent cross-site scripting vulnerabilities that allow attackers to perform administrative actions and inject malicious scripts. Attackers can craft malicious web pages that execute unauthorized actions when...

6.9CVSS5.7AI score0.00039EPSS

Exploits2References3

CVE•added 2026/03/15 6:34 p.m.•6 views

CVE-2013-20006

Qool CMS (notably version 2.0 RC2 per ZSL report) contains multiple persistent cross-site scripting vulnerabilities in administrative scripts. POST parameters such as title, name, email, username, link, and task are not properly sanitized before storage and return, allowing injected JavaScript to...

8.7CVSS5.9AI score0.00069EPSS

Exploits1References3

NVD•added 2026/02/06 5:16 p.m.•6 views

CVE-2019-25294

html5snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in addrouteroperation.php. Attackers can craft a POST request with a script payload in the Remark field to execute arbitrary JavaScript in victi...

6.1CVSS0.00044EPSS

Exploits1References3

CVE•added 2026/02/06 4:41 p.m.•7 views

CVE-2019-25294

The vulnerability (CVE-2019-25294) affects html5_snmp 1.11. A persistent cross-site scripting flaw exists in add_router_operation.php via the Remark parameter. An attacker can send a crafted POST request containing a script payload in Remark, causing arbitrary JavaScript to execute in a victim’s ...

6.4CVSS5.4AI score0.00044EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/02/03 10:9 p.m.•23 views

CVE-2020-37087 Easy Transfer 1.7 for iOS - Persistent Cross-Site Scripting

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input...

5.1CVSS0.00293EPSS

Exploits0References4

Cvelist•added 2026/02/03 4:52 p.m.•33 views

CVE-2020-37103 DotNetNuke 9.5 - Persistent Cross-Site Scripting

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

6.4CVSS0.00082EPSS

Exploits1References4

Cvelist•added 2026/02/03 4:52 p.m.•28 views

CVE-2019-25264 Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting

Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users...

6.4CVSS0.00055EPSS

Exploits0References4

ATTACKERKB•added 2026/02/01 12:15 p.m.•4 views

CVE-2022-50797

Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and...

6.4CVSS6.1AI score0.00039EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2026/01/30 4:16 p.m.•5 views

CVE-2020-37022

OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules...

6.4CVSS5.8AI score0.00059EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by