CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5210 matches found

Cvelist•added 2023/10/04 12:0 a.m.•15 views

CVE-2023-27121

A cross-site scripting XSS vulnerability in the component /framework/cron/action/humanize of Pleasant Solutions Pleasant Password Server v7.11.41.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cronString parameter...

6AI score0.04765EPSS

Exploits1References3

Prion•added 2023/10/03 2:15 a.m.•15 views

Cross site scripting

The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spresponsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

4.9CVSS5.3AI score0.00157EPSS

Exploits0References2Affected Software1

NVD•added 2023/10/02 9:15 p.m.•10 views

CVE-2023-43267

A cross-site scripting XSS vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field...

5.4CVSS5.3AI score0.00223EPSS

Exploits0References2

OSV•added 2023/10/02 9:15 p.m.•10 views

CVE-2023-43267

5.4CVSS5.9AI score

Exploits0References2

Prion•added 2023/10/02 9:15 p.m.•12 views

Cross site scripting

4.9CVSS5.3AI score0.00223EPSS

Exploits0References2Affected Software1

Cvelist•added 2023/10/02 12:0 a.m.•11 views

CVE-2023-43267

5.4AI score0.00223EPSS

Exploits0References2

Github Security Blog•added 2023/09/28 3:30 p.m.•27 views

Subrion CMS Cross-site Scripting vulnerability

A Cross-site scripting XSS vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter...

5.4CVSS6.2AI score0.00184EPSS

Exploits1References3Affected Software1

NVD•added 2023/09/28 3:15 p.m.•25 views

CVE-2023-43876

A Cross-Site Scripting XSS vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field...

5.4CVSS5.2AI score0.00261EPSS

Exploits1References1

OSV•added 2023/09/28 3:15 p.m.•14 views

CVE-2023-43884

5.4CVSS6.2AI score

Exploits0References1

Prion•added 2023/09/28 3:15 p.m.•17 views

Cross site scripting

A Cross-Site Scripting XSS vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field...

4.9CVSS5.2AI score0.00261EPSS

Exploits1References1Affected Software1

Prion•added 2023/09/28 3:15 p.m.•19 views

Cross site scripting

4.9CVSS5.4AI score0.00184EPSS

Exploits1References1Affected Software1

NVD•added 2023/09/28 5:15 a.m.•10 views

CVE-2023-5233

The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

6.4CVSS5.7AI score0.00201EPSS

Exploits0References2

Prion•added 2023/09/28 5:15 a.m.•17 views

Cross site scripting

The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'tmwoowishlisttable' shortcode in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

4.9CVSS5.2AI score0.00217EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2023/09/28 12:0 a.m.•15 views

CVE-2023-43876

A Cross-Site Scripting XSS vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field...

5.9AI score0.00261EPSS

Exploits1References1

Vulnrichment•added 2023/09/28 12:0 a.m.•9 views

CVE-2023-43884

5.9AI score0.00184EPSS

Exploits1References1

Cvelist•added 2023/09/28 12:0 a.m.•30 views

CVE-2023-43876

A Cross-Site Scripting XSS vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field...

5.4AI score0.00261EPSS

Exploits1References1

WPVulnDB•added 2023/09/28 12:0 a.m.•16 views

Font Awesome Integration <= 5.0 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not sufficiently sanitize and escape user-supplied attributes in the 'fawesome' shortcode, which can lead to the injection of arbitrary web scripts on pages accessed by users...

6.4CVSS6.7AI score0.00201EPSS

Exploits0References1

WPVulnDB•added 2023/09/28 12:0 a.m.•11 views

Font Awesome More Icons <= 3.5 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not properly sanitize and escape the 'icon' shortcode, leading to a potential Stored Cross-Site Scripting vulnerability. As a result, users with contributor-level permissions and above can inject arbitrary web scripts into pages...

6.4CVSS5.7AI score0.00249EPSS

Exploits0References1

Github Security Blog•added 2023/09/27 3:30 p.m.•18 views

Subrion CMS Cross-site Scripting vulnerability in /panel/languages

A Cross-site scripting XSS vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Title' parameter...

5.4CVSS6.2AI score0.0027EPSS

Exploits1References3Affected Software1

OSV•added 2023/09/27 3:30 p.m.•9 views

GHSA-4W2J-WJ9Q-6WPX Subrion CMS Cross-site Scripting vulnerability in /panel/languages

A Cross-site scripting XSS vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Title' parameter...

5.4CVSS5.4AI score0.0027EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by