CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

531 matches found

OSV•added 2026/02/01 1:15 p.m.•3 views

CVE-2021-47913

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...

5.4CVSS5.8AI score

Exploits0References4

RedhatCVE•added 2026/01/09 11:25 a.m.•4 views

CVE-2021-28114

Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...

5.4CVSS6AI score0.52037EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:24 a.m.•4 views

CVE-2021-31712

react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...

5.4CVSS6.8AI score0.00795EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:17 a.m.•3 views

CVE-2025-23958

Missing Authorization vulnerability in FADI MED Editor Wysiwyg Background Color editor-wysiwyg-background-color allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editor Wysiwyg Background Color: from n/a through = 1.0...

6.5CVSS7.2AI score0.00308EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:36 a.m.•6 views

CVE-2019-7882

A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can...

5.4CVSS5.8AI score0.00566EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:36 a.m.•8 views

CVE-2019-7859

A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control...

7.5CVSS6.6AI score0.01454EPSS

Exploits0References1

EUVD•added 2025/12/19 9:30 p.m.•4 views

EUVD-2025-204602

InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...

9.8CVSS6.5AI score0.00559EPSS

Exploits0References4

NVD•added 2025/12/19 9:15 p.m.•3 views

CVE-2023-53950

9.8CVSS0.00559EPSS

Exploits0References3

CVE•added 2025/12/19 9:7 p.m.•9 views

CVE-2023-53950

CVE-2023-53950 affects InnovaStudio WYSIWYG Editor 5.4. The vulnerability is an unrestricted file upload via filename manipulation that bypasses file extension restrictions, enabling attackers to upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent...

9.8CVSS6.6AI score0.00559EPSS

Exploits0References3

OSV•added 2025/12/17 11:15 p.m.•4 views

CVE-2023-53910

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG editor. Attackers can submit POST requests to /wbce/modules/wysiwyg/save.php with malicious script...

5.4CVSS6AI score

Exploits0References3

Vulnrichment•added 2025/12/17 10:44 p.m.•3 views

CVE-2023-53910 WBCE CMS 1.6.1 Stored Cross-Site Scripting via Page Content

5.4CVSS5.7AI score0.00267EPSS

Exploits1References3

CVE•added 2025/12/17 10:44 p.m.•9 views

CVE-2023-53910

WBCE CMS 1.6.1 has a stored XSS vulnerability in the WYSIWYG editor: authenticated attackers can inject JavaScript by sending malicious content to /wbce/modules/wysiwyg/save.php (content parameter), which executes when pages are viewed. Root cause: improper input handling in page content. Impact:...

5.4CVSS5.7AI score0.00267EPSS

Exploits1References3Affected Software1

CNNVD•added 2025/12/17 12:0 a.m.•3 views

WBCE CMS 跨站脚本漏洞

WBCE CMS is WBCE CMS open source a set of PHP and MySQL based open source content management system CMS. A cross-site scripting vulnerability exists in WBCE CMS version 1.6.1, which stems from improper cleanup of content parameters in the WYSIWYG editor and could lead to a stored cross-site...

5.4CVSS5.8AI score0.00267EPSS

Exploits1References4

Fedora•added 2025/12/04 12:53 a.m.•5 views

[SECURITY] Fedora 43 Update: sigil-2.6.2-3.fc43

Sigil is a multi-platform WYSIWYG ebook editor. It is designed to edit books in ePub format. Now what does it have to offer... Full Unicode support: everything you see in Sigil is in UTF-16 Full EPUB spec support WYSIWYG editing Multiple Views: Book View, Code View and Split View Metadata editor...

7AI score

Exploits0

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-7899

Malware in sbrugna...

6.1CVSS6.3AI score0.00655EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2017-5707

Malware in sbrugna...

6.1CVSS6.3AI score0.00602EPSS

Exploits0References2