CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

Positive Technologies•added 2026/05/05 12:0 a.m.•5 views

PT-2026-37281

Name of the Vulnerable Software and Affected Versions Grav CMS Form plugin versions prior to 9.1.0 Description A Stored Cross-Site Scripting XSS issue exists in the select field template of the Grav CMS Form plugin. Taxonomy tag and category values are rendered using the Twig |raw filter in the...

5.4CVSS6AI score0.00029EPSS

Exploits0References6

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-2792

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00302EPSS

Exploits1References7

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-1972

Malicious code in bioql PyPI...

6.1CVSS6.5AI score0.00387EPSS

Exploits0References11

Tenable Nessus•added 2025/08/12 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2020-25815

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names f...

6.1CVSS6.9AI score0.00387EPSS

Exploits0References2

RedhatCVE•added 2025/05/22 12:59 p.m.•5 views

CVE-2018-20962

The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type...

6.1CVSS5.8AI score0.00302EPSS

Exploits1References1

OSV•added 2025/04/10 7:16 p.m.•0 views

UBUNTU-CVE-2025-3469

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLMultiSelectField.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6,...

5.8AI score0.00357EPSS

Exploits0References3

OSV•added 2024/03/06 11:13 a.m.•19 views

BIT-MEDIAWIKI-2020-25815

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped instead of text...

6.1CVSS6.6AI score0.00387EPSS

Exploits0References5

Veracode•added 2022/08/30 4:1 a.m.•29 views

Cross-site Scripting (XSS)

getkirby/cms is vulnerable to Cross-site Scripting XSS. The use of the v-html tag in MultiselectInput.vue allows an attacker to inject and execute malicious javascript through the dynamic options in the multi-select field...

5.9CVSS5.5AI score0.00598EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2022/05/24 4:52 p.m.•15 views

Backpack\CRUD for Laravel XSS Vulnerability

The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type...

6.1CVSS6.3AI score0.00302EPSS

Exploits1References6Affected Software1

OSV•added 2020/09/27 9:15 p.m.•2 views

DEBIAN-CVE-2020-25815

6.1CVSS7AI score0.00387EPSS

Exploits0References1

Debian CVE•added 2020/09/27 8:27 p.m.•25 views

CVE-2020-25815

6.1CVSS6.5AI score0.00387EPSS

Exploits0

CVE•added 2020/09/27 8:27 p.m.•81 views

CVE-2020-25815

The CVE-2020-25815 issue affects MediaWiki 1.32.x–1.34.x prior to 1.34.4. The root cause is LogEventList::getFiltersDesc constructing HTML multi-select option names by using message text (text()) instead of the correct escaping method (escaped()). This insecure handling can expose UI strings and ...

6.1CVSS6.6AI score0.00387EPSS

Exploits0References4Affected Software1

OSV•added 2019/08/08 8:15 p.m.•14 views

CVE-2018-20962

The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type...

6.1CVSS5.8AI score

Exploits0References4