Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

727747 matches found

Nuclei
Nucleiadded yesterday23 views

WordPress Checklist <1.1.9 - Cross-Site Scripting

WordPress Checklist plugin before 1.1.9 contains a cross-site scripting vulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file. id: CVE-2019-16525 info: name: WordPress Checklist 1.1.9 - Cross-Site Scripting author: daffainfo severity: medium description:...

6.1CVSS5.8AI score0.05549EPSS
Exploits2References5
Nuclei
Nucleiadded yesterday32 views

Extreme Management Center 8.4.1.24 - Cross-Site Scripting

Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.1AI score0.03465EPSS
Exploits0References5
Nuclei
Nucleiadded yesterday25 views

WordPress Download Manager <2.9.94 - Cross-Site Scripting

WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or searchpublishdate parameter. id: CVE-2019-15889 info: name: WordPress Download Manager 2.9.94 - Cross-Site Scripting author: daffainf...

6.1CVSS5.8AI score0.12531EPSS
Exploits6References5
Nuclei
Nucleiadded yesterday19 views

Microstrategy Web 7 - Cross-Site Scripting

Microstrategy Web 7 does not sufficiently encode user-controlled inputs, resulting in cross-site scripting via the Login.asp Msg parameter. id: CVE-2018-18775 info: name: Microstrategy Web 7 - Cross-Site Scripting author: 0xAkoko severity: medium description: Microstrategy Web 7 does not...

6.1CVSS5.8AI score0.06555EPSS
Exploits5References4
Nuclei
Nucleiadded yesterday23 views

Custom 404 Pro < 3.2.8 - Cross-Site Scripting

Custom 404 Pro before 3.2.9 is susceptible to cross-site scripting via the title parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...

6.1CVSS6AI score0.01919EPSS
Exploits2References4
Nuclei
Nucleiadded yesterday23 views

Alert Before Your Post <= 0.1.1 - Cross-Site Scripting

A cross-site scripting vulnerability in postalert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter. id: CVE-2011-5107 info: name: Alert Before Your Post = 0.1.1 - Cross-Site...

4.3CVSS5.2AI score0.08772EPSS
Exploits1References4
Nuclei
Nucleiadded yesterday46 views

ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting

A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. id: CVE-2011-5181 info: name: ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripti...

4.3CVSS5.1AI score0.10428EPSS
Exploits1References5
Nuclei
Nucleiadded yesterday14 views

WordPress sourceAFRICA <=0.1.3 - Cross-Site Scripting

WordPress sourceAFRICA plugin version 0.1.3 contains a cross-site scripting vulnerability. id: CVE-2015-6920 info: name: WordPress sourceAFRICA =0.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress sourceAFRICA plugin version 0.1.3 contains a cross-site scripting...

4.3CVSS4.8AI score0.03265EPSS
Exploits1References4
Nuclei
Nucleiadded yesterday34 views

Netsweeper 4.0.4 - Cross-Site Scripting

A cross-site scripting vulnerability in remotereporter/loadlogfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter. id: CVE-2014-9607 info: name: Netsweeper 4.0.4 - Cross-Site Scripting author: daffainfo severity: medium...

6.1CVSS6.1AI score0.05452EPSS
Exploits1References4
Nuclei
Nucleiadded yesterday24 views

WordPress e-search <=1.0 - Cross-Site Scripting

WordPress e-search 1.0 and before contains a reflected cross-site scripting vulnerability via titleaz.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.3AI score0.0465EPSS
Exploits2References4
Nuclei
Nucleiadded yesterday22 views

WordPress anti-plagiarism <=3.60 - Cross-Site Scripting

WordPress anti-plagiarism 3.6.0 and prior are vulnerable to reflected cross-site scripting. id: CVE-2016-1000128 info: name: WordPress anti-plagiarism 3.60 or apply the latest security patches provided by the vendor. reference: - http://www.vapidlabs.com/wp/wpadvisory.php?v=161 -...

6.1CVSS5.5AI score0.04195EPSS
Exploits2References3
Nuclei
Nucleiadded yesterday28 views

WordPress Admin Font Editor <=1.8 - Cross-Site Scripting

WordPress Admin Font Editor 1.8 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.3AI score0.03223EPSS
Exploits2References5
Nuclei
Nucleiadded yesterday12 views

WordPress Photoxhibit 2.1.8 - Cross-Site Scripting

WordPress Photoxhibit 2.1.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials an...

6.1CVSS6.2AI score0.03558EPSS
Exploits1References5
Nuclei
Nucleiadded yesterday19 views

WordPress S3 Video <=0.983 - Cross-Site Scripting

WordPress S3 Video and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...

6.1CVSS6.3AI score0.03209EPSS
Exploits2References5
Nuclei
Nucleiadded yesterday58 views

WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 title parameter to app/view/agenda-widget-form.php; 2 args, 3 title, 4 beforetitle, or 5 aftertitle parameter to...

4.3CVSS5.2AI score0.08946EPSS
Exploits2References3
Nuclei
Nucleiadded yesterday47 views

WP-FaceThumb 0.1 - Cross-Site Scripting

A cross-site scripting vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the paginationwpfacethumb parameter. id: CVE-2012-2371 info: name: WP-FaceThumb 0.1 - Cross-Site Scripting author: daffainfo severity:...

4.3CVSS5.2AI score0.12905EPSS
Exploits1References5
Nuclei
Nucleiadded yesterday31 views

WordPress Raygun4WP <=1.8.0 - Cross-Site Scripting

WordPress Raygun4WP 1.8.0 contains a reflected cross-site scripting vulnerability via sendtesterror.php. id: CVE-2017-9288 info: name: WordPress Raygun4WP =1.8.0 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress Raygun4WP 1.8.0 contains a reflected cross-site...

6.1CVSS5.8AI score0.03984EPSS
Exploits2References5
Nuclei
Nucleiadded yesterday20 views

Magmi 0.7.22 - Cross-Site Scripting

Magmi 0.7.22 contains a cross-site scripting vulnerability due to insufficient filtration of user-supplied data prefix passed to the magmi-git-master/magmi/web/ajaxgettime.php URL. id: CVE-2017-7391 info: name: Magmi 0.7.22 - Cross-Site Scripting author: pikpikcu severity: medium description: Mag...

6.1CVSS5.8AI score0.08173EPSS
Exploits0References5
Nuclei
Nucleiadded yesterday31 views

Updater by BestWebSoft < 1.35 - Cross-Site Scripting

The updater plugin before 1.35 for WordPress has multiple XSS issues. id: CVE-2017-18565 info: name: Updater by BestWebSoft 1.35 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The updater plugin before 1.35 for WordPress has multiple XSS issues. impact: | Authenticat...

6.1CVSS6AI score0.0139EPSS
Exploits1References4
Nuclei
Nucleiadded yesterday26 views

Contact Form Multi by BestWebSoft < 1.2.1 - Cross-Site Scripting

The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues. id: CVE-2017-18490 info: name: Contact Form Multi by BestWebSoft 1.2.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The contact-form-multi plugin before 1.2.1 for WordPress has multip...

6.1CVSS6AI score0.01464EPSS
Exploits1References4
Rows per page
Query Builder