CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

71 matches found

PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting

The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials. id: CVE-2023-4112 info: name: PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting...

6.1CVSS5.8AI score0.15132EPSS

Exploits4References5

RedhatCVE•added 2026/01/01 9:12 a.m.•2 views

CVE-2025-62137

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shuttlethemes Shuttle shuttle allows Stored XSS.This issue affects Shuttle: from n/a through = 1.5.0...

6.5CVSS5.9AI score0.00024EPSS

Exploits0References1

NVD•added 2025/12/31 9:15 a.m.•0 views

CVE-2025-62137

6.5CVSS0.00024EPSS

Exploits0References1

Cvelist•added 2025/12/31 8:57 a.m.•21 views

CVE-2025-62137 WordPress Shuttle theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

6.5CVSS0.00024EPSS

Exploits0References1

EUVD•added 2025/12/31 8:57 a.m.•2 views

EUVD-2025-205915

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shuttlethemes Shuttle allows Stored XSS.This issue affects Shuttle: from n/a through 1.5.0...

6.5CVSS5.5AI score0.00024EPSS

Exploits0References2

Vulnrichment•added 2025/12/31 8:57 a.m.•2 views

CVE-2025-62137 WordPress Shuttle theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

6.5CVSS5.2AI score0.00024EPSS

Exploits0References1

CVE•added 2025/12/31 8:57 a.m.•3 views

CVE-2025-62137

CVE-2025-62137 is a Stored Cross-Site Scripting vulnerability in Shuttle (Shuttle theme) caused by improper neutralization of input during web page generation. Affected: Shuttle theme versions up to 1.5.0 (listed as affected). Connected sources indicate this CVE in Wordfence’ WordPress vulnerabil...

6.5CVSS5.9AI score0.00024EPSS

Exploits0References1

Patchstack•added 2025/12/31 8:55 a.m.•4 views

WordPress Shuttle theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Theme Shuttle versions = 1.5.0...

6.5CVSS6.1AI score0.00024EPSS

Exploits0Affected Software1

Patchstack•added 2025/12/31 8:55 a.m.•3 views

WordPress Shuttle theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability

Software : Shuttle Type : Theme Vulnerable versions : = 1.5.0 OWASP Top 10 : A3: Injection Classification : Cross Site Scripting XSS CVE ID : CVE-2025-62137 Patchstack priority : Low CVSS severity : 6.5 Required privilege : Contributor Developer : Claim ownership PSID : af47e07068e3 Credits : Pet...

6.5CVSS6.1AI score0.00024EPSS

Exploits0Affected Software1

CNNVD•added 2025/12/31 12:0 a.m.•1 views

WordPress plugin Shuttle 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

6.5CVSS5.8AI score0.00024EPSS

Exploits0References1

Positive Technologies•added 2025/12/31 12:0 a.m.•2 views

PT-2025-54299

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Shuttlethemes Shuttle allows Stored XSS.This issue affects Shuttle: from n/a through 1.5.0...

6.5CVSS6AI score0.00024EPSS

Exploits0References2

The Hacker News•added 2025/12/23 2:42 p.m.•15 views

Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites

Cybersecurity researchers have discovered two malicious Google Chrome extensions with the same name and published by the same developer that come with capabilities to intercept traffic and capture user credentials. The extensions are advertised as a "multi-location network speed test plug-in" for...

7.3AI score

Exploits0

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2017-14730

Malware in sbrugna...

7.2CVSS6.6AI score0.0006EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-52252

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00116EPSS

Exploits3References3

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-52861

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00228EPSS

Exploits2References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-53998

Malicious code in bioql PyPI...

6.1CVSS4.8AI score0.15132EPSS

Exploits4References3

RedhatCVE•added 2025/05/23 4:23 a.m.•3 views

CVE-2023-48830

Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export...

8.8CVSS7.2AI score0.00228EPSS

Exploits2

RedhatCVE•added 2025/05/23 4:16 a.m.•4 views

CVE-2023-4112

A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this...

6.1CVSS6.2AI score0.15132EPSS

Exploits4

RedhatCVE•added 2025/05/23 4:15 a.m.•6 views

CVE-2023-48172

A Cross Site Scripting XSS vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php...

5.4CVSS5.9AI score0.00116EPSS

Exploits3

NVD•added 2023/12/07 7:15 a.m.•8 views

CVE-2023-48830

Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export...

8.8CVSS0.00228EPSS

Exploits2References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by