CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/22 3:44 p.m.•16 views

CVE-2020-9419

Multiple stored cross-site scripting XSS vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domainname parameters present in the LAN configuration section of the administrative dashboard...

5.4CVSS5.7AI score0.0048EPSS

RedhatCVE•added 2025/05/22 3:28 p.m.•14 views

CVE-2020-29456

Multiple cross-site scripting XSS vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in...

6.1CVSS5.6AI score0.01527EPSS

Exploits0

RedhatCVE•added 2025/05/22 3:28 p.m.•7 views

CVE-2020-29315

ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML...

5.4CVSS5.9AI score0.01018EPSS

Exploits1

RedhatCVE•added 2025/05/22 3:23 p.m.•7 views

CVE-2020-26701

Cross-site scripting XSS vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description parameter...

5.4CVSS6.2AI score0.00903EPSS

RedhatCVE•added 2025/05/22 3:14 p.m.•8 views

CVE-2020-14959

Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, or Rating parameter...

5.4CVSS6.3AI score0.00892EPSS

RedhatCVE•added 2025/05/22 3:14 p.m.•5 views

CVE-2020-14962

Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title aka imageTitle or Caption aka description field of an image to wp-admin/admin-ajax.php...

5.4CVSS6.2AI score0.00892EPSS

RedhatCVE•added 2025/05/22 3:9 p.m.•5 views

CVE-2020-12706

Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faqadmin.php or shoutboxpanel/shoutboxadmin.php...

5.4CVSS6.6AI score0.02897EPSS

RedhatCVE•added 2025/05/22 3:9 p.m.•8 views

CVE-2020-11727

A cross-site scripting XSS vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woeposttype parameter...

6.1CVSS5.5AI score0.01955EPSS

Exploits4References1

RedhatCVE•added 2025/05/22 1:54 p.m.•4 views

CVE-2014-3974

Cross-site scripting XSS vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter...

4.3CVSS5.9AI score0.03232EPSS

RedhatCVE•added 2025/05/22 1:46 p.m.•6 views

CVE-2014-9241

Multiple cross-site scripting XSS vulnerabilities in MyBB aka MyBulletinBoard 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the 1 type parameter to report.php, 2 signature parameter in a doeditsig action to usercp.php, or 3 title parameter in the...

4.3CVSS6AI score0.03428EPSS

RedhatCVE•added 2025/05/22 1:46 p.m.•9 views

CVE-2014-9434

Cross-site scripting XSS vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter...

3.5CVSS5.5AI score0.01564EPSS

RedhatCVE•added 2025/05/22 1:46 p.m.•4 views

CVE-2014-9364

Cross-site scripting XSS vulnerability in the Unified Login form in the LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.00931EPSS

RedhatCVE•added 2025/05/22 1:44 p.m.•9 views

CVE-2014-9741

Multiple cross-site scripting XSS vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.01801EPSS

RedhatCVE•added 2025/05/22 1:40 p.m.•11 views

CVE-2014-2231

Cross-site scripting XSS vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title...

4.3CVSS5.8AI score0.00931EPSS

RedhatCVE•added 2025/05/22 1:36 p.m.•9 views

CVE-2014-4742

Cross-site scripting XSS vulnerability in system/classlink.php in the System module modulesystem in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the systemid parameter in a mediaFolder action to index.php...

4.3CVSS5.9AI score0.01914EPSS

RedhatCVE•added 2025/05/22 1:32 p.m.•4 views

CVE-2014-8307

Multiple cross-site scripting XSS vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 path parameter in the "drop down TOP menu with path" section or 2 printthispage variable in the footercontentbloc...

4.3CVSS6AI score0.01489EPSS

RedhatCVE•added 2025/05/22 12:42 p.m.•6 views

CVE-2010-3012

Cross-site scripting XSS vulnerability in HP System Management Homepage SMH before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue was originally assigned CVE-2010-3010 due to a CNA error...

4.3CVSS5.7AI score0.01728EPSS