CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

71 matches found

CNVD•added 2026/04/07 12:0 a.m.•2 views

Endian Firewall domain parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall domain parameter, which originates from improper handling of the domain parameter in /manage/smtpscan/domainrouting/, and can be exploited by an attacker to inject...

6.4CVSS5AI score0.00034EPSS

Exploits0

CNVD•added 2026/04/07 12:0 a.m.•0 views

Endian Firewall name parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall name parameter, which stems from improper cleanup of the name parameter input in /manage/qos/classes/, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00034EPSS

Exploits0

CNVD•added 2026/04/07 12:0 a.m.•0 views

Endian Firewall user parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall user parameter, which stems from improper handling of the user parameter in /cgi-bin/proxyuser.cgi, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00011EPSS

Exploits0

CNVD•added 2026/04/07 12:0 a.m.•1 views

Endian Firewall remark parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which originates from improperly cleaning up the input of the remark parameter in /cgi-bin/routing.cgi, and can be exploited by an attacker to...

6.4CVSS5AI score0.00034EPSS

Exploits0

CNVD•added 2026/04/07 12:0 a.m.•1 views

Endian Firewall group parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall group parameter, which stems from improper handling of the group parameter in /cgi-bin/proxygroup.cgi, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00034EPSS

Exploits0

CNVD•added 2026/04/07 12:0 a.m.•1 views

Endian Firewall ADDRESS BCC Parameter Cross-Site Scripting Vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall ADDRESS BCC parameter, which originates from improper handling of the ADDRESS BCC parameter in /cgi-bin/smtprouting.cgi, and can be exploited by an attacker to...

6.4CVSS5AI score0.00034EPSS

Exploits0

CNVD•added 2026/04/07 12:0 a.m.•1 views

Endian Firewall remark parameter cross-site scripting vulnerability (CNVD-2026-18402)

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/zonefw.cgi, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00034EPSS

Exploits0

CNVD•added 2026/04/07 12:0 a.m.•2 views

Endian Firewall REMARK Parameter Cross-Site Scripting Vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall REMARK parameter, which stems from improper handling of the REMARK parameter in /cgi-bin/openvpnclient.cgi, and can be exploited by an attacker to inject malicious...

6.4CVSS5AI score0.00011EPSS

Exploits0

ATTACKERKB•added 2026/04/02 2:46 p.m.•1 views

CVE-2026-34817

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS5.9AI score0.00034EPSS

Exploits0References3Affected Software1

CNNVD•added 2026/04/02 12:0 a.m.•2 views

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /manage/dnsmasq/localdomains/, and can be exploited by an attacker to inject...

6.4CVSS5.7AI score0.00034EPSS

Exploits0References2

CNNVD•added 2026/04/02 12:0 a.m.•1 views

Endian Firewall 跨站脚本漏洞

6.4CVSS5.7AI score0.00034EPSS

Exploits0References2

CNNVD•added 2026/04/02 12:0 a.m.•2 views

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall dscp parameter, which stems from improper handling of the dscp parameter in /manage/qos/rules/, and can be exploited by an attacker to inject malicious JavaScript...

6.4CVSS5.7AI score0.00034EPSS

Exploits0References2

CNNVD•added 2026/04/02 12:0 a.m.•1 views

Endian Firewall 跨站脚本漏洞

6.4CVSS5.7AI score0.00034EPSS

Exploits0References2

CNNVD•added 2026/04/02 12:0 a.m.•2 views

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improperly cleaning up the input of the remark parameter in /manage/dhcp/fixedleases/, and can be exploited by an attacker to...

6.4CVSS5.7AI score0.00011EPSS

Exploits0References2

CNNVD•added 2026/04/02 12:0 a.m.•1 views

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /cgi-bin/vpnfw.cgi, and can be exploited by an attacker to inject malicious...

6.4CVSS5.7AI score0.00034EPSS

Exploits0References2

Cvelist•added 2026/04/01 9:27 p.m.•18 views

CVE-2026-34566 CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Page Management functionality when creating or editi...

9.1CVSS0.0005EPSS

Exploits1References2

ATTACKERKB•added 2026/03/15 6:34 p.m.•1 views

CVE-2015-20115

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by...

5.9AI score0.00035EPSS

Exploits1References3Affected Software1

Positive Technologies•added 2026/02/25 12:0 a.m.•3 views

PT-2026-21841

Name of the Vulnerable Software and Affected Versions Bugsink versions prior to 2.0.13 Description Bugsink is a self-hosted error tracking tool affected by a stored cross-site scripting XSS issue. An unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScrip...

9.3CVSS6AI score0.00099EPSS

Exploits1References13

Vulnrichment•added 2026/02/19 5:54 p.m.•2 views

CVE-2026-23605 GFI MailEssentials AI < 22.4 Attachment Filtering Rule Stored XSS

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBRuleName parameter to...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2

Veracode•added 2026/02/09 8:7 p.m.•2 views

Cross-site Scripting (XSS)

craftcms/commerce is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of the “Address Line 1” field in Inventory Locations, which allows an attacker to store and execute malicious JavaScript in an administrator’s browser via the admin panel...

6.3CVSS5.5AI score0.00012EPSS

Exploits1References4Affected Software3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by