133 matches found

RedhatCVE
added 2025/05/22 12:33 p.m. · 5 views

CVE-2010-2275

Cross-site scripting (XSS) vulnerability in dijit/tests/testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/testButton.html...

CVSS 4.3 · AI score 5.8 · EPSS 0.02899
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 1:34 a.m. · 5 views

CVE-2010-4939

PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter...

CVSS 7.5 · AI score 7.9 · EPSS 0.02096
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/21 7:5 p.m. · 3 views

CVE-2008-2840

Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4) members/profile.php, (5) news/fullview.php, (6)...

CVSS 6.8 · AI score 7.7 · EPSS 0.01268
Exploits: 0 · References: 1
OSV
added 2025/01/24 11:15 a.m. · 1 views

CVE-2024-13409

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the posttypeajaxhandler function. This makes it possible for...

CVSS 8.8 · AI score 6.3 · EPSS 0.00842
Exploits: 0 · References: 4
Positive Technologies
added 2025/01/24 12:0 a.m. · 3 views

PT-2025-2162 · WordPress · Post Grid

Name of the Vulnerable Software and Affected Versions: Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress versions up to, and including, 1.6.10 Description: The issue allows authenticated attackers, with Contributor-level access and...

CVSS 8.8 · AI score 7.9 · EPSS 0.00842
Exploits: 0 · References: 12
Positive Technologies
added 2025/01/01 12:0 a.m. · 1 views

PT-2025-49122

Name of the Vulnerable Software and Affected Versions: Alinto Sogo version 5.12.3 Description: Alinto Sogo 5.12.3 is susceptible to Cross Site Scripting (XSS) attacks. The issue is located in the handling of the theme parameter. Successful exploitation could allow an attacker to inject malicious...

CVSS 6.1 · AI score 6 · EPSS 0.00259
Exploits: 2 · References: 13
CNNVD
added 2024/07/10 12:0 a.m. · 3 views

Croogo Code Issue Vulnerability

Croogo is a content management system (CMS) developed on the CakePHP framework. The system provides customizable content types such as Blog, Node, and Page, content editing with a WYSIWYG editor, and other features. Croogo 4.0.7 and earlier versions contain a code issue vulnerability; the vulnerability...

CVSS 5.8 · AI score 7 · EPSS 0.00471
Exploits: 0 · References: 5
OSV
added 2023/10/10 10:15 p.m. · 2 views

CVE-2023-36126

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0...

CVSS 6.1 · AI score 5.8 · EPSS 0.00378
Exploits: 0 · References: 1
CNNVD
added 2023/10/10 12:0 a.m. · 3 views

PHPJabbers Appointment Scheduler Cross-Site Scripting Vulnerability

PHPJabbers Appointment Scheduler is a PHP-based appointment scheduler plugin for planning time and booking meeting schedules from PHPJabbers Serbia. A security vulnerability exists in PHPJabbers Appointment Scheduler version v3.0, which originates from a cross-site scripting (XSS) vulnerability in...

CVSS 6.1 · AI score 5.8 · EPSS 0.00378
Exploits: 0 · References: 3
OSV
added 2023/08/28 1:15 p.m. · 3 views

CVE-2023-40755

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0...

CVSS 6.1 · AI score 5.8 · EPSS 0.01202
Exploits: 0 · References: 2
ATTACKERKB
added 2023/08/28 1:15 p.m. · 9 views

CVE-2023-40755

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0...

CVSS 6.1 · AI score 6.4 · EPSS 0.01202
Exploits: 0 · References: 5
NVD
added 2023/08/28 1:15 p.m. · 14 views

CVE-2023-40755

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0...

CVSS 6.1 · AI score 6 · EPSS 0.01202
Exploits: 0 · References: 2
Prion
added 2023/08/28 1:15 p.m. · 22 views

Cross site scripting

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0...

CVSS 5.8 · AI score 6 · EPSS 0.01202
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2023/08/28 12:0 a.m. · 2 views

PHPJabbers Callback Widget Cross-Site Scripting Vulnerability

PHPJabbers Callback Widget is a simple PHP script that places a discreet callback button on a website. A security vulnerability exists in PHPJabbers Callback Widget that stems from a cross-site scripting vulnerability in the theme parameter of preview.php...

CVSS 6.1 · AI score 5.9 · EPSS 0.01202
Exploits: 0 · References: 3
Positive Technologies
added 2023/08/28 12:0 a.m. · 5 views

PT-2023-27620 · Phpjabbers · Phpjabbers Callback Widget

Name of the Vulnerable Software and Affected Versions: PHPJabbers Callback Widget version 1.0 Description: There is a Cross Site Scripting (XSS) vulnerability in the theme parameter of the "preview.php" file. This issue allows for malicious script execution. Recommendations: For PHPJabbers Callback...

CVSS 6.1 · AI score 6 · EPSS 0.01202
Exploits: 0 · References: 9
ATTACKERKB
added 2023/08/04 12:15 a.m. · 3 views

CVE-2023-36137

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0...

CVSS 6.1 · AI score 5.7 · EPSS 0.00312
Exploits: 0 · References: 4
OSV
added 2023/08/04 12:15 a.m. · 4 views

CVE-2023-36138

PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 2
OSV
added 2023/08/04 12:15 a.m. · 4 views

CVE-2023-36137

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 2
ATTACKERKB
added 2023/08/04 12:15 a.m. · 2 views

CVE-2023-36138

PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php...

CVSS 6.1 · AI score 5.7 · EPSS 0.00388
Exploits: 0 · References: 4
NVD
added 2023/08/04 12:15 a.m. · 12 views

CVE-2023-36138

PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php...

CVSS 6.1 · AI score 6 · EPSS 0.00388
Exploits: 0 · References: 2