CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2025-18936

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00132EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2023-28617

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00428EPSS

Exploits0References2

CVE•added 2025/06/20 3:4 p.m.•19 views

CVE-2025-49968

CVE-2025-49968 affects WordPress XML Travel Portal Widget (XML Travel Portal Widget) with CSRF in versions n/a through 2.0. Root cause: Cross-Site Request Forgery (CSRF) in the widget. Affected product/version details are provided, but no exploit specifics are documented in the connected sources....

4.3CVSS5.9AI score0.00132EPSS

Exploits0References1

Vulnrichment•added 2025/06/20 3:4 p.m.•6 views

CVE-2025-49968 WordPress XML Travel Portal Widget plugin <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Oganro XML Travel Portal Widget oganro-reservation-widget allows Cross Site Request Forgery.This issue affects XML Travel Portal Widget: from n/a through = 2.0...

4.3CVSS5.1AI score0.00132EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 3:22 a.m.•9 views

CVE-2023-24602

OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...

6.1CVSS5.8AI score0.00428EPSS

Exploits0References1

NVD•added 2023/08/02 1:15 p.m.•18 views

CVE-2023-26447

The "upsell" widget for the portal allows to specify a product description. This description taken from a user-controllable jslob did not get escaped before being added to DOM. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering...

5.4CVSS5.5AI score0.00558EPSS

Exploits0References4

NVD•added 2023/05/29 3:15 a.m.•17 views

CVE-2023-24602

OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...

6.1CVSS6AI score0.00428EPSS

Exploits0References2

OSV•added 2023/05/29 3:15 a.m.•16 views

CVE-2023-24602

OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...

6.1CVSS5.9AI score

Exploits0References2

Prion•added 2023/05/29 3:15 a.m.•16 views

Cross site scripting

OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...

5.8CVSS5.9AI score0.00428EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2023/05/29 12:0 a.m.•5 views

PT-2023-19704 · Open Xchange · Ox App Suite

Name of the Vulnerable Software and Affected Versions: OX App Suite versions prior to 7.10.6-rev24 Description: The issue allows for XSS via data to the Tumblr portal widget, such as a post title. Recommendations: For versions prior to 7.10.6-rev24, update to version 7.10.6-rev24 or later to...

6.1CVSS6AI score0.00428EPSS

Exploits0References5

Cvelist•added 2023/05/29 12:0 a.m.•21 views

CVE-2023-24602

OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...

6.1AI score0.00428EPSS

Exploits0References2

Vulnrichment•added 2023/05/29 12:0 a.m.•7 views

CVE-2023-24602

OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title...

5.8AI score0.00428EPSS

Exploits0References2

CVE•added 2023/05/29 12:0 a.m.•56 views

CVE-2023-24602

Open-Xchange OX App Suite prior to frontend 7.10.6-rev24 is affected by CVE-2023-24602, a cross-site scripting (XSS) vulnerability in the Tumblr portal widget that could affect data such as a post title. The issue is documented across multiple sources, with remediation guidance indicating to upgr...

6.1CVSS5.9AI score0.00428EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by