CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1122222 matches found

WordPress Email Newsletter - Reflected XSS

WordPress Email Newsletter plugin through 1.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to cra...

5.4CVSS7.2AI score0.03097EPSS

Exploits1References1

Nuclei•added 14 hours ago•7 views

YesWiki < 4.5.4 - Cross-Site Scripting

YesWiki 4.5.4 contains a reflected cross-site scripting caused by unsanitized idformulaire parameter in /?BazaR endpoint, letting attackers steal cookies and hijack sessions, exploit requires user to click malicious link. id: CVE-2025-46550 info: name: YesWiki 4.5.4 - Cross-Site Scripting author:...

6.1CVSS5.6AI score0.00352EPSS

Exploits1References2

Nuclei•added 14 hours ago•15 views

Memos 0.13.2 - Server-Side Request Forgery

SSRF vulnerabilities exist in the memos API service /o/get/httpmeta that allow unauthenticated and authenticated users to enumerate and read from the internal network. In addition, one SSRF vulnerability leads to a reflected XSS vulnerability, which may allow an attacker complete control over the...

5.8CVSS6.2AI score0.06061EPSS

Exploits1References2

Nuclei•added 14 hours ago•21 views

Apache Druid - Server-Side Request Forgery

Server-Side Request Forgery SSRF, Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache Druid.This issue affects all previous Druid versions.When using the Druid management proxy, a request tha...

5.8CVSS7.5AI score0.02273EPSS

Exploits0References2

Nuclei•added 14 hours ago•34 views

WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scripting

The Easy Forms for Mailchimp plugin before version 6.8.9 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the sqlerror parameter before outputting it back in the page when the debug option is enabled, which could allow attackers to execute...

6.1CVSS6.6AI score0.15068EPSS

Exploits2References2

Nuclei•added 14 hours ago•14 views

iboss Secure Web Gateway - Stored Cross-Site Scripting

A cross-site scripting vulnerability has been found in iboss Secure Web Gateway up to version 10.1. The vulnerability affects the /login file of the Login Portal component, where manipulation of the redirectUrl parameter leads to cross-site scripting. The attack can be launched remotely and the...

6.1CVSS4.8AI score0.0554EPSS

Exploits4References5

Nuclei•added 14 hours ago•20 views

Changedetection.io RSS Single Watch - Cross-Site Scripting

changedetection.io 0.54.1 contains a stored XSS caused by unescaped reflection of UUID path parameter in RSS single-watch endpoint, letting remote attackers execute JavaScript in victim's browser, exploit requires victim to visit crafted URL. id: CVE-2026-27645 info: name: Changedetection.io RSS...

6.1CVSS5.9AI score0.00715EPSS

Exploits1References3

Nuclei•added 14 hours ago•6 views

WP-Lister Lite for Amazon <= 2.6.16 - Cross-Site Scripting

The WP-Lister Lite for Amazon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.6.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

7.1CVSS6AI score0.17493EPSS

Exploits0References3

Nuclei•added 14 hours ago•67 views

WordPress Contact Form 7 <1.3.6.3 - Stored Cross-Site Scripting

WordPress Contact Form 7 before 1.3.6.3 contains an unauthenticated stored cross-site scripting vulnerability in the Drag and Drop Multiple File Upload plugin. SVG files can be uploaded by default via the dndcodedropzupload AJAX action. id: CVE-2022-0595 info: name: WordPress Contact Form 7 1.3.6...

5.4CVSS5.9AI score0.05776EPSS

Exploits2References4

Nuclei•added 14 hours ago•24 views

WordPress NewStatPress <1.3.6 - Cross-Site Scripting

WordPress NewStatPress plugin before 1.3.6 is susceptible to cross-site scripting. The plugin does not properly escape the whatX parameters before outputting them back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...

6.1CVSS6AI score0.00547EPSS

Exploits2References4

Nuclei•added 14 hours ago•26 views

WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting

The plugin was affected by a reflected cross-site scripting vulnerability in the wooce admin page. id: CVE-2022-0149 info: name: WooCommerce Stored Exporter WordPress Plugin 2.7.1 - Cross-Site Scripting author: dhiyaneshDk severity: medium description: The plugin was affected by a reflected...

6.1CVSS6.2AI score0.01124EPSS

Exploits2References5

Nuclei•added 14 hours ago•25 views

NextChat - Server-Side Request Forgery

NextChat v2.12.3 suffers from a Server-Side Request Forgery SSRF and Cross-Site Scripting vulnerability due to a lack of validation of the GET parameter on the WebDav API endpoint. id: CVE-2024-38514 info: name: NextChat - Server-Side Request Forgery author: DhiyaneshDk severity: high description...

7.4CVSS5.8AI score0.70485EPSS

Exploits0References4

Nuclei•added 14 hours ago•5 views

MapTiler Tileserver-php v2.0 - Unauthenticated XSS

MapTiler Tileserver-php v2.0 contains a reflected XSS caused by unencoded reflection of the GET parameter "layer" in an error message, letting unauthenticated attackers execute arbitrary script on victim browsers. id: CVE-2025-44136 info: name: MapTiler Tileserver-php v2.0 - Unauthenticated XSS...

9.8CVSS6AI score0.13017EPSS

Exploits2References2

Nuclei•added 14 hours ago•27 views

Cofax <=2.0RC3 - Cross-Site Scripting

Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. id: CVE-2005-4385 info: name: Cofax =2.0RC3 - Cross-Site Scripting author: geeknik severity: medium descriptio...

4.3CVSS5.8AI score0.00274EPSS

Exploits0References4

Nuclei•added 14 hours ago•53 views

SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting

The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. id: CVE-2002-1131 info: name: SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting author: dhiyaneshDk,s4e-io severity: high description:...

7.5CVSS5.6AI score0.02841EPSS

Exploits2References4

Nuclei•added 14 hours ago•22 views

Ellucian Ethos Identity CAS - Cross-Site Scripting

A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. id: CVE-2023-2822...

6.1CVSS3.9AI score0.80995EPSS

Exploits1References5

Nuclei•added 14 hours ago•23 views

ChurchCRM 4.5.3 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found. id: CVE-2023-25346 info: name: ChurchCRM 4.5.3 - Cross-Site Scripting author: Harsh severity: medium...

6.1CVSS6.4AI score0.12346EPSS

Exploits1References5

Nuclei•added 14 hours ago•29 views

ChurchCRM 4.5.3 - Cross-Site Scripting

A stored Cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php. id: CVE-2023-26843 info: name: ChurchCRM 4.5.3 - Cross-Site Scripting author: Harsh severity: medium description: | A stored Cross-site scripti...

5.4CVSS6.2AI score0.11478EPSS

Exploits1References5

Nuclei•added 14 hours ago•21 views

Companion Sitemap Generator < 4.5.3 - Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-1780 info: name: Companion Sitemap Generator 4.5.3 - Cross-Site Scripting author:...

6.1CVSS6.8AI score0.16021EPSS

Exploits2References2

Nuclei•added 14 hours ago•41 views

Stock Ticker <= 3.23.2 - Cross-Site Scripting

The Stock Ticker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in the ajaxstocktickerload function in versions up to, and including, 3.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

7.1CVSS7.1AI score0.03667EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by