CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1126518 matches found

Abandoned Cart Lite for WooCommerce < 5.2.0 - Cross-Site Scripting

The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. i...

7.2CVSS6.3AI score0.27125EPSS

Exploits1References4

Nuclei•added 2 days ago•25 views

WordPress Download Manager <2.9.94 - Cross-Site Scripting

WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or searchpublishdate parameter. id: CVE-2019-15889 info: name: WordPress Download Manager 2.9.94 - Cross-Site Scripting author: daffainf...

6.1CVSS6AI score0.04462EPSS

Exploits6References5

Nuclei•added 2 days ago•22 views

RPCMS 3.0.2 - Cross-Site Scripting

RPCMS 3.0.2 contains a cross-site scripting vulnerability in the Search function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...

6.1CVSS6.2AI score0.04425EPSS

Exploits1References5

Nuclei•added 2 days ago•22 views

WordPress API Bearer Auth <20190907 - Cross-Site Scripting

WordPress API Bearer Auth plugin before 20190907 contains a cross-site scripting vulnerability. The server parameter is not correctly filtered in swagger-config.yaml.php. id: CVE-2019-16332 info: name: WordPress API Bearer Auth 20190907 - Cross-Site Scripting author: daffainfo severity: medium...

6.1CVSS6.1AI score0.22302EPSS

Exploits2References5

Nuclei•added 2 days ago•31 views

The Code Snippets WordPress Plugin < 2.14.3 - Cross-Site Scripting

The Wordpress plugin Code Snippets before 2.14.3 does not escape the snippets-safe-mode parameter before reflecting it in attributes, leading to a reflected cross-site scripting issue. id: CVE-2021-25008 info: name: The Code Snippets WordPress Plugin 2.14.3 - Cross-Site Scripting author: cckuailo...

6.1CVSS6AI score0.03359EPSS

Exploits2References4

Nuclei•added 2 days ago•85 views

Adobe ColdFusion - Cross-Site Scripting

Adobe Coldfusion versions 2016 update 16 and earlier, 2018 update 10 and earlier and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code...

5.4CVSS6.3AI score0.84201EPSS

Exploits0References5

Nuclei•added 2 days ago•36 views

EPrints 3.4.2 - Cross-Site Scripting

EPrints 3.4.2 contains a reflected cross-site scripting vulnerability via the cgi/cal URI. id: CVE-2021-26475 info: name: EPrints 3.4.2 - Cross-Site Scripting author: geeknik severity: medium description: EPrints 3.4.2 contains a reflected cross-site scripting vulnerability via the cgi/cal URI...

6.1CVSS6.6AI score0.49622EPSS

Exploits1References5

Nuclei•added 2 days ago•30 views

ClinicCases 7.3.3 Cross-Site Scripting

ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. id: CVE-2021-38704 info: name:...

6.1CVSS6.2AI score0.04987EPSS

Exploits1References5

Nuclei•added 2 days ago•41 views

WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting

WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter. id: CVE-2019-19134 info: name: WordPress Hero Maps Premium =2.2.2 or apply the vendor-provided patch to fix the XSS...

6.1CVSS6.1AI score0.17251EPSS

Exploits2References5

Nuclei•added 2 days ago•13 views

123Solar 1.8.4.5 - Cross-Site Scripting

123Solar 1.8.4.5 is vulnerable to reflected cross-site scripting XSS via the date1 parameter in detailed.php. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2024-9007 info: name: 123Solar 1.8.4.5 - Cross-Site Scripting author: ritikchaddha...

5.4CVSS5.3AI score0.03711EPSS

Exploits1References2

Nuclei•added 2 days ago•58 views

Fortinet FortiOS - Cross-Site Scripting

Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal are vulnerable to cross-site scripting and allows attacker to execute unauthorized malicious script code via the error or message handling parameters. id: CVE-2018-13380 info: name:...

6.1CVSS6.2AI score0.37395EPSS

Exploits0References5

Nuclei•added 2 days ago•22 views

Companion Sitemap Generator < 4.5.3 - Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-1780 info: name: Companion Sitemap Generator 4.5.3 - Cross-Site Scripting author:...

6.1CVSS6.8AI score0.16021EPSS

Exploits2References2

Nuclei•added 2 days ago•29 views

mooDating 1.2 - Cross-site scripting

A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is...

6.1CVSS3.4AI score0.07556EPSS

Exploits4References4

Nuclei•added 2 days ago•24 views

Rukovoditel <= 2.7.2 - Cross Site Scripting

A stored cross site scripting XSS vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. id: CVE-2020-35986 info: name: Rukovoditel = 2.7.2 - Cross Sit...

5.4CVSS5.8AI score0.03657EPSS

Exploits1References3

Nuclei•added 2 days ago•30 views

ChurchCRM 4.5.3 - Cross-Site Scripting

A stored Cross-site scripting XSS vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php. id: CVE-2023-26843 info: name: ChurchCRM 4.5.3 - Cross-Site Scripting author: Harsh severity: medium description: | A stored Cross-site scripti...

5.4CVSS6AI score0.11478EPSS

Exploits1References5

Nuclei•added 2 days ago•30 views

Dolibarr <7.0.2 - Cross-Site Scripting

Dolibarr before 7.0.2 is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. id: CVE-2018-10095 info: name: Dolibarr 7.0.2 - Cross-Site Scripting author: pikpikcu severity: medium...

6.1CVSS6.6AI score0.475EPSS

Exploits1References5

Nuclei•added 2 days ago•62 views

Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting

The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the cyclePeriod parameter. id: CVE-2018-20824 info: name: Atlassian Jira WallboardServlet 7.13.1 - Cross-Site Scripting author:...

6.1CVSS6.2AI score0.17834EPSS

Exploits0References5

Nuclei•added 2 days ago•39 views

NeDi 1.9C - Cross-Site Scripting

NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a...

6.1CVSS6AI score0.15743EPSS

Exploits0References4

Nuclei•added 2 days ago•8 views

MapTiler Tileserver-php v2.0 - Unauthenticated XSS

MapTiler Tileserver-php v2.0 contains a reflected XSS caused by unencoded reflection of the GET parameter "layer" in an error message, letting unauthenticated attackers execute arbitrary script on victim browsers. id: CVE-2025-44136 info: name: MapTiler Tileserver-php v2.0 - Unauthenticated XSS...

9.8CVSS5.8AI score0.13017EPSS

Exploits2References2

Nuclei•added 2 days ago•43 views

Stock Ticker <= 3.23.2 - Cross-Site Scripting

The Stock Ticker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in the ajaxstocktickerload function in versions up to, and including, 3.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

7.1CVSS7.1AI score0.03667EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by