CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

48 matches found

CVE-2026-12580

CVE-2026-12580 affects Digiwin EasyFlow .NET. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw that permits authenticated remote attackers to inject persistent JavaScript code which executes in users’ browsers when a page loads. Impact is described as allowing the attacker to cause u...

5.4CVSS6AI score

Exploits0References2

RedhatCVE•added 2026/06/05 7:34 p.m.•7 views

CVE-2026-10058

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

4.8CVSS5.5AI score0.00187EPSS

Exploits0References1

EUVD•added 2026/05/29 8:37 a.m.•14 views

EUVD-2026-33268

4.8CVSS5.8AI score0.00187EPSS

Exploits0References2

CVE•added 2026/05/29 8:34 a.m.•17 views

CVE-2026-10057

CVE-2026-10057 affects the ITS Intelligent SCADA System from ITP Technology. The vulnerability is a Stored Cross-Site Scripting (XSS) issue that lets privileged remote attackers inject persistent JavaScript that runs in users’ browsers when a page loads. The available documents confirm the affect...

4.8CVSS5.8AI score0.00187EPSS

Exploits0References2

EUVD•added 2026/05/29 8:34 a.m.•14 views

EUVD-2026-33267

4.8CVSS5.8AI score0.00187EPSS

Exploits0References2

Cvelist•added 2026/05/29 8:34 a.m.•32 views

CVE-2026-10057 ITP Technology｜ITS Intelligent SCADA System - Stored Cross-Site Scripting

4.8CVSS0.00187EPSS

Exploits0References2

Positive Technologies•added 2026/05/29 12:0 a.m.•8 views

PT-2026-44763

4.8CVSS5.8AI score0.00187EPSS

Exploits0References3

CNNVD•added 2026/05/29 12:0 a.m.•7 views

ITP ITS Intelligent SCADA System 跨站脚本漏洞

ITP ITS Intelligent SCADA System is an industrial automation monitoring and data acquisition platform developed by ITP, a company from Taiwan, China. The ITP ITS Intelligent SCADA System has a cross-site scripting vulnerability, which stems from stored-xss scripts. This vulnerability may allow...

4.8CVSS5.7AI score0.00187EPSS

Exploits0References2

Positive Technologies•added 2026/05/20 12:0 a.m.•10 views

PT-2026-42264

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields...

8.4CVSS5.9AI score0.00441EPSS

Exploits0References3

NVD•added 2026/04/01 10:16 p.m.•5 views

CVE-2026-34571

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting Stored XSS vulnerability exists in the backend user management functionality. The application fail...

9.9CVSS0.00393EPSS

Exploits1References2

Vulnrichment•added 2026/04/01 8:41 p.m.•4 views

CVE-2026-34530 File Browser is vulnerable to Stored Cross-Site Scripting via text/template branding injection

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the SPA index page in File Browser is vulnerable to Stored Cross-Site Scripting XSS via admin-controlled branding fields. An admin who...

6.9CVSS5.8AI score0.00356EPSS

Exploits1References2

ATTACKERKB•added 2026/02/28 9:47 p.m.•4 views

CVE-2026-28561

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...

5.5CVSS5.8AI score0.00227EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/02/28 12:0 a.m.•6 views

PT-2026-22482

Name of the Vulnerable Software and Affected Versions wpForo Forum version 2.4.14 Description The software contains a stored cross-site scripting issue. This allows administrators to inject persistent JavaScript through forum description fields. The injected script executes when any user views th...

5.5CVSS5.8AI score0.00227EPSS

Exploits0References6

Positive Technologies•added 2026/02/20 12:0 a.m.•5 views

PT-2026-21341

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 21.0 AVideo version 18.0 Description AVideo allows Markdown in video comments and uses Parsedown v1.7.4 without Safe Mode enabled. Markdown links are not sufficiently sanitized, allowing javascript: URIs to be rendered...

5.1CVSS5.3AI score0.00229EPSS

Exploits0References11

RedhatCVE•added 2026/02/11 7:30 a.m.•3 views

CVE-2026-2099

AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

5.4CVSS5.5AI score0.00165EPSS

Exploits0References1

Vulnrichment•added 2026/02/10 7:9 a.m.•4 views

CVE-2026-2099 Flowring｜AgentFlow - Stored Cross-Site Scripting

5.4CVSS5.5AI score0.00165EPSS

Exploits0References2

CNNVD•added 2026/02/10 12:0 a.m.•3 views

Flowring Agentflow 跨站脚本漏洞

Flowring Agentflow is an intelligent process automation RPA platform developed by Flowring Corporation in China. Flowring Agentflow has a cross-site scripting vulnerability. This vulnerability stems from stored-xss scripts, which may allow authenticated remote attackers to inject persistent...

5.4CVSS5.7AI score0.00165EPSS

Exploits0References2

Positive Technologies•added 2026/02/10 12:0 a.m.•6 views

PT-2026-7239

5.4CVSS5.5AI score0.00165EPSS

Exploits0References3

EUVD•added 2026/02/04 12:0 a.m.•4 views

EUVD-2025-206812

A stored cross-site scripting XSS vulnerability exists in the web management interface of the PPC Belden ONT 2K05X router running firmware v1.1.9206L. The Common Gateway Interface CGI component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary...

6.1CVSS5.2AI score0.0038EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 10:54 a.m.•9 views

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

5.4CVSS6.8AI score0.00516EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by