CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21 matches found

CVE•added 2026/04/13 12:0 a.m.•1 views

CVE-2025-63743

Snipe-IT web-based asset management system (v8.3.0–v8.3.1) is affected by an authenticated stored XSS: an attacker with login privileges can inject JavaScript via the Name/Surname fields, executed when the Activity Report or a profile is viewed if Display Name is not set. The issue is fixed in v8...

5.4CVSS5.9AI score0.0001EPSS

Exploits1References4

RedhatCVE•added 2025/05/23 2:59 a.m.•6 views

CVE-2023-1403

The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary...

6.4CVSS5.4AI score0.00121EPSS

Exploits2References1

OSV•added 2024/02/07 5:15 a.m.•1 views

CVE-2024-0256

The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS7.4AI score

Exploits0References2

NVD•added 2024/02/07 5:15 a.m.•9 views

CVE-2024-0256

6.4CVSS5.7AI score0.00134EPSS

Exploits0References2

OSV•added 2023/06/09 6:15 a.m.•0 views

CVE-2023-1403

5.4CVSS7.4AI score0.00121EPSS

Exploits2References2

NVD•added 2023/06/09 6:15 a.m.•13 views

CVE-2023-1403

6.4CVSS5.9AI score0.00121EPSS

Exploits2References3

Prion•added 2023/06/09 6:15 a.m.•14 views

Cross site scripting

The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitra...

4.9CVSS5AI score0.00121EPSS

Exploits2References2Affected Software1

Vulnrichment•added 2023/06/09 5:33 a.m.•19 views

CVE-2023-1403 Weaver Xtreme Theme <= 5.0.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Display Name

6.4CVSS6.8AI score0.00121EPSS

Exploits2References3

Cvelist•added 2023/06/09 5:33 a.m.•21 views

CVE-2023-1403 Weaver Xtreme Theme <= 5.0.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Display Name

6.4CVSS6AI score0.00121EPSS

Exploits2References3

Positive Technologies•added 2023/06/09 12:0 a.m.•6 views

PT-2023-16961 · WordPress · Weaver Show Posts Plugin

Name of the Vulnerable Software and Affected Versions: Weaver Show Posts Plugin for WordPress versions up to, and including, 1.6 Description: The issue is related to stored Cross-Site Scripting due to insufficient escaping of the profile display name. This allows authenticated attackers with...

6.4CVSS5.8AI score0.00121EPSS

Exploits2References4

WPVulnDB•added 2023/04/05 12:0 a.m.•16 views

Weaver Xtreme Theme < 6.2 - Contributor+ Stored Cross-Site Scripting

The theme does not properly escape the profile display name, leading to a stored Cross-Site Scripting vulnerability...

6.4CVSS6.1AI score0.00121EPSS

Exploits2References1Affected Software1

WPVulnDB•added 2023/04/01 12:0 a.m.•19 views

Weaver Show Posts < 1.7 - Contributor+ Stored Cross-Site Scripting

The plugin does not properly escape the profile display name, leading to stored Cross-Site Scripting vulnerabilities...

6.4CVSS6AI score0.00121EPSS

Exploits2References1Affected Software1

exploitpack•added 2018/05/10 12:0 a.m.•19 views

MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting

MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting Date: 4/20/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=914...

3.5CVSS5.4AI score0.00188EPSS

Exploits5

Packet Storm•added 2018/03/23 12:0 a.m.•18 views

MyBB Last User's Threads In Profile 1.2 Cross Site Scripting

Exploit Title: MyBB Last User's Threads in Profile Plugin v1.2 - Persistent XSS Date: 3/19/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=910 Version: v1.2 Tested on: Ubuntu 17.10 1. Description:...

7.1AI score

Exploits0

Openbugbounty•added 2017/06/26 6:1 a.m.•14 views

ifishillinois.org XSS vulnerability

Vulnerable URL: https://www.ifishillinois.org/profiles/displaylake.php?waternum=1/-///'/"//--...

6.9AI score

Exploits0

Packet Storm•added 2012/10/11 12:0 a.m.•22 views

LAN Messenger 1.2.28 Cross Site Scripting

Title: ====== LAN Messenger v1.2.28 - Persistent Software Vulnerability Date: ===== 2012-05-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id= VL-ID: ===== 541 Common Vulnerability Scoring System: ==================================== 7.5 Introduction: ============= LAN...

7.4AI score

Exploits0

Vulnerability Lab•added 2012/05/16 12:0 a.m.•71 views

LAN Messenger v1.2.28 - Persistent Software Vulnerability

Document Title: =============== LAN Messenger v1.2.28 - Persistent Software Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id= Release Date: ============= 2012-05-16 Vulnerability Laboratory ID VL-ID: ==================================== 541...

7.1AI score

Exploits0

0day.today•added 2012/05/16 12:0 a.m.•25 views

LAN Messenger v1.2.28 - Persistent Software Vulnerability

Exploit for windows platform in category local exploits Title: ====== LAN Messenger v1.2.28 - Persistent Software Vulnerability Common Vulnerability Scoring System: ==================================== 7.5 Introduction: ============= LAN Messenger is a free and open source cross-platform instant...

6.8AI score

Exploits0

Vulnerability Lab•added 2012/05/16 12:0 a.m.•9 views

LAN Messenger v1.2.28 - Persistent Software Vulnerability

0.1AI score

Exploits0

Prion•added 2011/12/15 3:57 a.m.•19 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via 1 snippets in a user comment, which is not properly handled in a Confluence page, or 2 the user profile display name,...

4.3CVSS6AI score0.00468EPSS

Exploits0References9Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by