946 matches found

Positive Technologies
added 2026/02/20 12:0 a.m. | 5 views

PT-2026-21232

Name of the Vulnerable Software and Affected Versions: fox-themes Reflector versions through 1.2.2. Description: The software contains a flaw due to improper neutralization of input during web page generation, which allows for Reflected Cross-site Scripting (XSS). This issue impacts the Reflector...

CVSS 7.1 | AI score 5.3 | EPSS 0.00151
Exploits: 0 | References: 4
NVD
added 2026/02/19 1:16 p.m. | 3 views

CVE-2019-25424

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the EXCEPTIONSITELIST parameter. Attackers can craft POST requests to the httpsexceptions endpoint with script payloads to execut...

CVSS 6.1 | EPSS 0.0033
Exploits: 1 | References: 4
NVD
added 2026/02/19 1:16 p.m. | 6 views

CVE-2019-25420

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the snat endpoint. Attackers can send POST requests with JavaScript payloads in the port or snattoip parameters to execute arbitrary...

CVSS 6.1 | EPSS 0.00399
Exploits: 1 | References: 4
OSV
added 2026/02/19 1:16 p.m. | 2 views

CVE-2019-25408

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmaskaddr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmaskaddr...

CVSS 5.1 | AI score 5.9
Exploits: 0 | References: 4
Cvelist
added 2026/02/19 12:2 p.m. | 21 views

CVE-2019-25422 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via vpnfw

Comodo Dome Firewall 2.7.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the vpnfw endpoint. Attackers can submit POST requests with script payloads in the target parameter for reflected XSS or the remark parameter for stored XSS to execute...

CVSS 7.2 | EPSS 0.00348
Exploits: 1 | References: 4
Cvelist
added 2026/02/19 12:2 p.m. | 26 views

CVE-2019-25417 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via QoS Rules

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the protocol parameter. Attackers can send POST requests to the QoS rules management endpoint with JavaScript payloads in the protoco...

CVSS 6.1 | EPSS 0.00399
Exploits: 1 | References: 4
Cvelist
added 2026/02/19 12:2 p.m. | 24 views

CVE-2019-25411 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via DHCP

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAYGREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with script payloads to execute arbitrary JavaScript...

CVSS 6.1 | EPSS 0.00344
Exploits: 1 | References: 4
Cvelist
added 2026/02/19 12:2 p.m. | 22 views

CVE-2019-25410 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via policy_routing

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can submit POST requests to the policy routing endpoint with script payloads in these parameters to execute...

CVSS 6.1 | EPSS 0.0034
Exploits: 1 | References: 4
ATTACKERKB
added 2026/02/19 12:2 p.m. | 4 views

CVE-2019-25409

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the destination parameter. Attackers can send POST requests to the routing endpoint with script payloads in the destination parameter to execute...

CVSS 6.1 | AI score 5.6 | EPSS 0.0034
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2026/02/19 3:25 a.m. | 37 views

CVE-2025-11706 Aruba HiSpeed Cache <= 3.0.2 - Reflected Cross-Site Scripting

The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the dbstatus parameter in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

CVSS 6.1 | EPSS 0.00283
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/19 12:0 a.m. | 6 views

PT-2026-20619

The WP Customer Reviews plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpcr3 fname' parameter in all versions up to, and including, 3.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 7.2 | AI score 5.8 | EPSS 0.00255
Exploits: 0 | References: 7
Positive Technologies
added 2026/02/19 12:0 a.m. | 4 views

PT-2026-20833

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the vpn users endpoint with script payloads in the userna...

CVSS 6.1 | AI score 5.6 | EPSS 0.00369
Exploits: 1 | References: 4
Positive Technologies
added 2026/02/19 12:0 a.m. | 8 views

PT-2026-20816

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execut...

CVSS 6.1 | AI score 5.6 | EPSS 0.00384
Exploits: 1 | References: 4
Positive Technologies
added 2026/02/19 12:0 a.m. | 2 views

PT-2026-20825

Comodo Dome Firewall 2.7.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the vpnfw endpoint. Attackers can submit POST requests with script payloads in the target parameter for reflected XSS or the remark parameter for stored XSS to execute...

CVSS 7.2 | AI score 5.5 | EPSS 0.00348
Exploits: 1 | References: 4
NVD
added 2026/02/18 3:18 p.m. | 10 views

CVE-2026-1404

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the filter parameters e.g., 'filterfirstname' in all versions up to, and including, 2.11.1 due to insufficien...

CVSS 6.1 | EPSS 0.00211
Exploits: 1 | References: 4
Vulnrichment
added 2026/02/18 2:24 p.m. | 9 views

CVE-2026-1404 Ultimate Member <= 2.11.1 - Reflected Cross-Site Scripting via Filter Parameters

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the filter parameters e.g., 'filterfirstname' in all versions up to, and including, 2.11.1 due to insufficien...

CVSS 6.1 | AI score 5.7 | EPSS 0.00211
Exploits: 1 | References: 4
CVE
added 2026/02/18 1:40 p.m. | 12 views

CVE-2025-8308

The CVE concerns INFOREX- General Information Management System from Key Software Solutions Inc. Affected component: input handling during web page generation via HTTP headers. Root cause: improper neutralization of input leading to cross-site scripting (XSS). Publicly disclosed impact: allows XS...

CVSS 6.3 | AI score 5.4 | EPSS 0.00152
Exploits: 0 | References: 2
Patchstack
added 2026/02/17 8:3 a.m. | 5 views

WordPress MP-Ukagaka plugin <= 1.5.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin MP-Ukagaka versions <= 1.5.2...

CVSS 6.1 | AI score 5.4 | EPSS 0.00264
Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2026/02/17 12:0 a.m. | 5 views

SHARP MFPs Cross-Site Scripting (CVE-2024-47801)

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause a malicious script to be executed in the web browser. This plugin only works with Tenable.ot...

CVSS 7.4 | AI score 5.1 | EPSS 0.00338
Exploits: 0 | References: 4
OSV
added 2026/02/16 6:19 p.m. | 2 views

CVE-2019-25384

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the portfw.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the EXT, SRCPORTSEL,...

CVSS 6.1 | AI score 5.9 | EPSS 0.00225
Exploits: 1 | References: 3