CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5210 matches found

WPVulnDB•added 2023/08/09 12:0 a.m.•12 views

Post Connector < 1.0.10 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...

5.9CVSS6.8AI score0.00087EPSS

Exploits0Affected Software1

Cvelist•added 2023/08/09 12:0 a.m.•12 views

CVE-2023-39002

A cross-site scripting XSS vulnerability in the act parameter of systemcertmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6AI score0.23578EPSS

Exploits1References2

NVD•added 2023/08/02 9:15 a.m.•8 views

CVE-2023-4067

The Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tabdate' and 'tabdater' parameters in versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS6AI score0.01034EPSS

Exploits0References2

NVD•added 2023/07/27 8:15 p.m.•11 views

CVE-2023-36942

A cross-site scripting XSS vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the website title field...

6.1CVSS5.9AI score0.00148EPSS

Exploits1References2

NVD•added 2023/07/27 6:15 p.m.•8 views

CVE-2023-36941

6.1CVSS5.9AI score0.00193EPSS

Exploits1References2

Prion•added 2023/07/27 6:15 p.m.•17 views

Cross site scripting

5.8CVSS5.9AI score0.00193EPSS

Exploits1References2Affected Software1

Cvelist•added 2023/07/27 12:0 a.m.•11 views

CVE-2023-36941

6AI score0.00193EPSS

Exploits1References2

Prion•added 2023/07/26 9:15 p.m.•17 views

Cross site scripting

A cross-site scripting XSS vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box...

5.8CVSS5.9AI score0.00096EPSS

Exploits0References2Affected Software1

Prion•added 2023/07/26 8:15 p.m.•18 views

Cross site scripting

A cross-site scripting XSS vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name parameter...

5.8CVSS5.9AI score0.00105EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2023/07/26 12:0 a.m.•19 views

CVE-2022-31456

A cross-site scripting XSS vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name parameter...

5.8AI score0.00105EPSS

Exploits0References2

Cvelist•added 2023/07/26 12:0 a.m.•18 views

CVE-2022-31455

A cross-site scripting XSS vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box...

6AI score0.00096EPSS

Exploits0References2

CVE•added 2023/07/26 12:0 a.m.•53 views

CVE-2022-31455

CVE-2022-31455 affects Truedesk v1.2.2 and is an XSS vulnerability exploitable via a crafted payload injected into the user chat box. The CVE details from multiple sources confirm the vulnerability exists in Truedesk 1.2.2 and describe arbitrary script/HTML execution. The NVD/NVD-derived metrics ...

6.1CVSS5.8AI score0.00096EPSS

Exploits0References2Affected Software1

Prion•added 2023/07/24 8:15 p.m.•11 views

Cross site scripting

A cross-site scripting XSS vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.8CVSS5.9AI score0.00096EPSS

Exploits0References1Affected Software1

NVD•added 2023/07/24 7:15 p.m.•7 views

CVE-2023-37613

A cross-site scripting XSS vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter...

6.1CVSS5.9AI score0.00114EPSS

Exploits1References2

Cvelist•added 2023/07/24 12:0 a.m.•10 views

CVE-2023-37613

6AI score0.00114EPSS

Exploits1References2

Cvelist•added 2023/07/24 12:0 a.m.•15 views

CVE-2021-39421

A cross-site scripting XSS vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6AI score0.00096EPSS

Exploits0References1

Vulnrichment•added 2023/07/24 12:0 a.m.•11 views

CVE-2021-39421

A cross-site scripting XSS vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.8AI score0.00096EPSS

Exploits0References1

OpenVAS•added 2023/07/20 12:0 a.m.•18 views

WordPress YARPP Plugin < 5.30.4 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:yarpp:yetanotherrelatedpostsplugin"; ifdescription...

6.4CVSS7AI score0.00154EPSS

Exploits0References1

NVD•added 2023/07/18 3:15 a.m.•11 views

CVE-2023-3708

Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if...

6.1CVSS0.01036EPSS

Exploits0References6

Prion•added 2023/07/18 3:15 a.m.•14 views

Cross site scripting

5.8CVSS6.2AI score0.01036EPSS

Exploits0References6Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by