Lucene search
K

1736 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.8 views

CVE-2026-8253

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchasesave. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available a...

4.8CVSS3.6AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:40 p.m.24 views

CVE-2023-43951

SSCMS 7.2.2 was discovered to contain a cross-site scripting XSS vulnerability via the Column Management component...

5.4CVSS6.2AI score0.00348EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:40 p.m.8 views

CVE-2023-43353

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component...

5.4CVSS6.9AI score0.00473EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:35 p.m.6 views

CVE-2023-49486

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting XSS vulnerability in the model management department...

5.4CVSS6AI score0.0042EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.5 views

CVE-2023-4167

A vulnerability was found in Media Browser Emby Server 4.7.13.0 and classified as problematic. This issue affects some unknown processing of the file /web/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may b...

6.1CVSS6.2AI score0.00542EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:29 p.m.8 views

CVE-2023-40869

Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the editmenu, copuon, and groupcategorias functions...

6.1CVSS7.3AI score0.01008EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:8 p.m.8 views

CVE-2018-6002

The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php warsoundypreview parameter...

6.1CVSS6.6AI score0.0078EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:53 a.m.8 views

CVE-2022-33154

The schema aka Embedding schema.org vocabulary extension before 1.13.1 and 2.x before 2.5.1 for TYPO3 allows XSS...

5.4CVSS6.9AI score0.00487EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.8 views

CVE-2022-37796

In Simple Online Book Store System 1.0 in /adminbook.php the Title, Author, and Description parameters are vulnerable to Cross Site ScriptingXSS...

5.4CVSS6.9AI score0.00404EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:44 a.m.7 views

CVE-2022-0884

The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS6.3AI score0.00644EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:38 a.m.13 views

CVE-2017-12655

Cross-Site Scripting XSS exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action...

6.1CVSS6AI score0.00669EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:56 a.m.8 views

CVE-2020-12811

An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting XSS via the Identify Provider name field...

6.1CVSS5.8AI score0.00801EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:54 a.m.9 views

CVE-2020-23049

Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the Displayname field when using the Add, Edit or Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...

5.4CVSS6.2AI score0.00576EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:46 a.m.7 views

CVE-2015-0917

Cross-site scripting XSS vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php...

4.3CVSS5.9AI score0.01892EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.11 views

CVE-2021-41142

Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition prior to 12.11.99.25 and Tuleap Enterprise Edition 12.11-2. A malicious user with the capability to add and...

5.4CVSS6.3AI score0.00702EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:13 a.m.8 views

CVE-2022-42985

The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting XSS...

4.8CVSS6.2AI score0.00358EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:0 a.m.9 views

CVE-2023-29183

An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated...

8CVSS7.1AI score0.01119EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:49 a.m.11 views

CVE-2021-22260

A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the...

7.7CVSS6.2AI score0.00912EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:48 a.m.4 views

CVE-2025-23591

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in blulogistics1 blu Logistics blu-logistics allows Reflected XSS.This issue affects blu Logistics: from n/a through = 1.0.0...

7.1CVSS7.2AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:48 a.m.5 views

CVE-2025-23452

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EditionGuard EditionGuard for WooCommerce – eBook Sales with DRM editionguard-for-woocommerce-ebook-sales-with-drm allows Reflected XSS.This issue affects EditionGuard for WooCommerce – eBook Sales...

7.1CVSS7.2AI score0.004EPSS
Exploits0References1
Rows per page
Query Builder