
1122457 matches found

Nuclei
added 17 hours ago | 14 views

Diary Management System 1.0 - Cross-Site Scripting

Diary Management System 1.0 contains a cross-site scripting vulnerability via the Name parameter in search-result.php. id: CVE-2022-29004 info: name: Diary Management System 1.0 - Cross-Site Scripting author: TenBird severity: medium description: | Diary Management System 1.0 contains a cross-sit...

CVSS 6.1 | AI score 6 | EPSS 0.39704
Exploits: 1 | References: 5

Nuclei
added 17 hours ago | 18 views

WordPress RSS Aggregator < 4.20 - Authenticated Cross-Site Scripting

WordPress RSS Aggregator before 4.20 is susceptible to cross-site scripting. The plugin does not sanitize and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to reflected cross-site scripting. id: CVE-2022-0189 info: name: WordPress...

CVSS 6.1 | AI score 5.6 | EPSS 0.0276
Exploits: 2 | References: 5

Nuclei
added 17 hours ago | 21 views

Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)

A cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in Spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the firstname parameter. id: CVE-2021-40969 info: name: Spotweb = 1.5.1 - Cross Site Scripting Reflected author: theamanrawat...

CVSS 6.1 | AI score 6.4 | EPSS 0.01286
Exploits: 1 | References: 4

Nuclei
added 17 hours ago | 28 views

QSAN Storage Manager <3.3.3 - Cross-Site Scripting

QSAN Storage Manager before 3.3.3 contains a reflected cross-site scripting vulnerability. Header page parameters do not filter special characters. Remote attackers can inject JavaScript to access and modify specific data. id: CVE-2021-37216 info: name: QSAN Storage Manager 3.3.3 - Cross-Site...

CVSS 6.1 | AI score 6.1 | EPSS 0.10997
Exploits: 0 | References: 4

Nuclei
added 17 hours ago | 16 views

WordPress Securimage-WP-Fixed <=3.5.4 - Cross-Site Scripting

WordPress Securimage-WP-Fixed plugin 3.5.4 and prior contains a cross-site scripting vulnerability due to the use of $_SERVER['PHP_SELF'] in the /securimage-wp.php file, which allows attackers to inject arbitrary web scripts. id: CVE-2021-34640 info: name: WordPress Securimage-WP-Fixed =3.5.4 -...

CVSS 6.1 | AI score 6.2 | EPSS 0.03864
Exploits: 2 | References: 5

Nuclei
added 17 hours ago | 18 views

Rukovoditel <= 3.2.1 - Cross-Site Scripting

A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature /index.php?module=usersgroups/usersgroups of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New...

CVSS 5.4 | AI score 6 | EPSS 0.07331
Exploits: 1 | References: 3

Nuclei
added 17 hours ago | 24 views

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the entriesPerPage parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launc...

CVSS 6.1 | AI score 6.2 | EPSS 0.01677
Exploits: 2 | References: 5

Nuclei
added 17 hours ago | 73 views

H3C SSL VPN <=2022-07-10 - Cross-Site Scripting

H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. id: CVE-2022-35416 info: name: H3C SSL VPN =2022-07-10 - Cross-Site Scripting author: 0x240x23elu severity: medium description: | H3C SSL VPN 2022-07-10 and prior contains...

CVSS 6.1 | AI score 6.1 | EPSS 0.06631
Exploits: 1 | References: 5

Nuclei
added 17 hours ago | 24 views

WordPress FeedWordPress < 2022.0123 - Authenticated Cross-Site Scripting

The plugin is affected by a cross-site scripting vulnerability within the "visibility" parameter. id: CVE-2021-25055 info: name: WordPress FeedWordPress 2022.0123 - Authenticated Cross-Site Scripting author: DhiyaneshDK severity: medium description: | The plugin is affected by a cross-site...

CVSS 6.1 | AI score 6.1 | EPSS 0.01696
Exploits: 2 | References: 4

Nuclei
added 17 hours ago | 24 views

SMTP by BestWebSoft < 1.1.0 - Cross-Site Scripting

The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. id: CVE-2017-18518 info: name: SMTP by BestWebSoft 1.1.0 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. impact: |...

CVSS 6.1 | AI score 6.3 | EPSS 0.00059
Exploits: 1 | References: 4

Nuclei
added 17 hours ago | 16 views

SiYuan Note - Cross-Site Scripting

SiYuan Note through version 3.6.1 is vulnerable to unauthenticated reflected Cross-Site Scripting (XSS) in the /api/icon/getDynamicIcon endpoint due to improper filtering of SVG elements with a namespace prefix such as . By using a namespaced script element, attackers can bypass the SanitizeSVG...

CVSS 8.6 | AI score 5.8 | EPSS 0.00139
Exploits: 1 | References: 2

Nuclei
added 17 hours ago | 8 views

Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting

The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting. id: CVE-2021-24876 info: name: Registrations for The Events Calendar 2.7.5 - Authenticated Reflected...

CVSS 6.1 | AI score 6.3 | EPSS 0.00246
Exploits: 2 | References: 2

Nuclei
added 17 hours ago | 14 views

Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting

The plugin was affected by a reflected XSS in custom-facebook-feed in cff-top admin page. id: CVE-2021-25065 info: name: Smash Balloon Social Post Feed 4.1.1 - Authenticated Reflected Cross-Site Scripting author: Harsh severity: medium description: | The plugin was affected by a reflected XSS in...

CVSS 5.4 | AI score 5.8 | EPSS 0.03142
Exploits: 2 | References: 2

Nuclei
added 17 hours ago | 14 views

Planon <Live Build 41 - Cross-Site Scripting

Planon before Live Build 41 is vulnerable to cross-site scripting. id: CVE-2018-18570 info: name: Planon Live Build 41 - Cross-Site Scripting author: emadshanab severity: medium description: Planon before Live Build 41 is vulnerable to cross-site scripting. impact: | Successful exploitation of th...

CVSS 6.1 | AI score 5.7 | EPSS 0.06402
Exploits: 1 | References: 3

Nuclei
added 17 hours ago | 6 views

LibreChat <= 0.7.9 - HTML Injection via Accept-Language Header

danny-avila/librechat 0.7.9 contains a stored XSS caused by improper sanitization of the Accept-Language header, letting logged-in users inject arbitrary HTML into the html lang= tag; exploitation requires the user to be logged in. id: CVE-2025-8848 info: name: LibreChat marker"...

CVSS 5.4 | AI score 5.5 | EPSS 0.00015
Exploits: 1 | References: 3

Nuclei
added 17 hours ago | 12 views

WordPress < 4.9.1 - Authenticated JavaScript File Upload

WordPress before 4.9.1 contains a cross-site scripting vulnerability caused by not requiring the unfiltered_html capability for uploading .js files in functions.php, letting remote attackers execute scripts via crafted files; exploitation requires upload permissions. id: CVE-2017-17092 info: name: WordPress 4.9.1 -...

CVSS 5.4 | AI score 6.7 | EPSS 0.04916
Exploits: 0 | References: 5

Nuclei
added 17 hours ago | 87 views

Pulse Secure Pulse Connect Secure - Cross-Site Scripting (Reflected)

Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3 contain a reflected cross-site scripting vulnerability caused by insufficient sanitization on the Application Launcher page, letting attackers execute scripts in the context of the affected page; exploitation requires victim to visit ...

CVSS 6.1 | AI score 6.4 | EPSS 0.00325
Exploits: 1 | References: 2

Nuclei
added 17 hours ago | 12 views

LiteSpeed Cache <= 6.5.0.2 - Stored XSS

LiteSpeed Technologies LiteSpeed Cache versions up to 6.5.0.2 contain a stored cross-site scripting vulnerability caused by improper input neutralization during web page generation, letting attackers execute malicious scripts in victim browsers; exploitation requires storing malicious input. id: CVE-2024-47374 info...

CVSS 7.1 | AI score 5.8 | EPSS 0.26284
Exploits: 0 | References: 2

Nuclei
added 17 hours ago | 3 views

OWL Carousel Slider - Cross-Site Scripting

OWL Carousel Slider WordPress plugin v2.2 contains a reflected cross-site scripting vulnerability caused by unsanitized parameter output in the page, letting attackers execute arbitrary scripts in the context of high privilege users; exploitation requires the attacker to craft a malicious URL. id: CVE-2024-13627 info:...

CVSS 4.7 | AI score 7.8 | EPSS 0.023
Exploits: 1 | References: 1

Nuclei
added 17 hours ago | 16 views

WP Dream Carousel < 1.0.1b - Cross-Site Scripting

WP Dream Carousel WordPress plugin before 1.0.1b contains a reflected cross-site scripting vulnerability caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute arbitrary scripts in the context of high privilege users; exploitation requires victim to load a...

CVSS 6.1 | AI score 7.8 | EPSS 0.02069
Exploits: 1 | References: 2