Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add)
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted pa
Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact categor
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.4, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2
A stored Cross-site Scripting (XSS) vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execu
A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the `/api/v1/models/add` endpoint, where the model description field is
A cross-site scripting (XSS) vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attacke
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted pa
CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers
A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows a
A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this
Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter end
A reflected cross-site scripting (XSS) vulnerability in tawk.to chatbox widget v4 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload
A stored cross-site scripting (XSS) in Kissflow Work Platform Kissflow Application Versions 7337 Account v2.0 to v4.2vallows attackers to execute arbitrary web scripts or HTML via injecting a crafted
Cross-Site Scripting (XSS) vulnerability found in MarkTwo commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 (May 2025) allows a remote attacker to execute arbitrary code via a crafted script input to th
Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded Ja
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payload
Cross-site scripting vulnerability in QGIS QWC2 Registration GUI <=v2025.03.31 allows an authorized attacker to plant arbitrary JavaScript code in the page
Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an
An authenticated cross-site scripting (XSS) vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via