CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/06/09 4:49 p.m.•9 views

CVE-2026-47980

Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored XSS vulnerability. The issue allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, with execution of JavaScript when a user visits the page containing the vuln...

5.4CVSS5.5AI score0.00224EPSS

CVE•added 2026/06/09 4:48 p.m.•14 views

CVE-2026-47977

Adobe Experience Manager versions 6.5.24, LTS SP1, and 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. A low-privileged attacker can inject malicious scripts into vulnerable form fields, with malicious JavaScript potentially executed in a victim’s browser wh...

5.4CVSS5.5AI score0.00224EPSS

CVE•added 2026/06/09 4:48 p.m.•10 views

CVE-2026-47951

Adobe Experience Manager (AEM) on versions 6.5.24, LTS SP1, 2026.04 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. A low-privileged attacker can inject malicious scripts that are executed in the victim’s browser when visiting a page contain...

5.4CVSS5.5AI score0.00224EPSS

Cvelist•added 2026/06/09 4:48 p.m.•28 views

CVE-2026-47970 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS0.00307EPSS

CVE•added 2026/06/09 4:48 p.m.•10 views

CVE-2026-47970

Adobe Experience Manager (AEM) versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. A low-privileged attacker can abuse vulnerable form fields to inject malicious scripts, which may execute in a victim’s browser when visiting the page co...

5.4CVSS5.5AI score0.00307EPSS

RedhatCVE•added 2026/06/09 8:59 a.m.•7 views

CVE-2026-41722

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

8CVSS5.2AI score0.00201EPSS

Cvelist•added 2026/06/09 8:29 a.m.•34 views

CVE-2026-8677 Prime Elementor Addons <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget HTML Tag Settings

The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible...

6.4CVSS0.00262EPSS

Exploits0References16

EUVD•added 2026/06/09 7:35 a.m.•9 views

EUVD-2026-35371

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in notification emails without proper escaping, allowing authenticated users to inject arbitrary HTML int...

5.4CVSS5.5AI score0.00308EPSS

NVD•added 2026/06/09 5:16 a.m.•11 views

CVE-2026-8909

The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or incorrect nonce validation on the handleSaveGeneralSettings function. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS0.00128EPSS

Exploits0References4

NVD•added 2026/06/09 5:16 a.m.•9 views

CVE-2026-41845

Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3....

7.1CVSS0.00161EPSS

EUVD•added 2026/06/09 3:41 a.m.•6 views

EUVD-2026-35317

The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blog-card' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on the shortcode's 'href' and 'type' attributes, which are...

6.4CVSS5.7AI score0.00187EPSS

EUVD•added 2026/06/09 3:41 a.m.•5 views

EUVD-2026-35310

The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninjagdprajaxactions' AJAX action in versions up to, and including, 1.0.0. This is due to missing capability and nonce checks on the handleAjaxCalls function, combined with insufficient input...

6.4CVSS5.7AI score0.00193EPSS

Exploits0References5

EUVD•added 2026/06/09 3:41 a.m.•8 views

EUVD-2026-35305

The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute and other attributes of the romancartbutton shortcode in versions up to, and including, 2.0.8. This is due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.7AI score0.00198EPSS

EUVD•added 2026/06/09 3:41 a.m.•7 views

EUVD-2026-35298

The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping in the rxstgshortcode function, which...

6.4CVSS5.7AI score0.00187EPSS

NVD•added 2026/06/09 3:16 a.m.•8 views

CVE-2026-5714

The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘locationdir’ parameter in all versions up to, and including, 4.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

6.4CVSS0.00187EPSS

Vulnrichment•added 2026/06/09 2:28 a.m.•4 views

CVE-2026-5714 Enable Media Replace <= 4.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'location_dir' Parameter

6.4CVSS5.7AI score0.00187EPSS

Cvelist•added 2026/06/09 1:27 a.m.•38 views

CVE-2026-10862 Accordions <= 2.3.23 - Authenticated (Custom+) Stored Cross-Site Scripting via Accordion Body Field

The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and...

6.4CVSS0.00159EPSS

Exploits0References2

Positive Technologies•added 2026/06/09 12:0 a.m.•9 views

PT-2026-48070

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24 and earlier Adobe Experience Manager versions LTS SP1 and earlier Adobe Experience Manager versions 2026.04 and earlier Description A stored Cross-Site Scripting XSS issue allows a low-privileged attack...

5.4CVSS5.4AI score0.00224EPSS

CNNVD•added 2026/06/09 12:0 a.m.•5 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS5.2AI score0.00224EPSS