Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary Javascript or HTML code and potentially trigger code execution in vic
A Reflected Cross Site Scripting (XSS) vulnerability was found in '/search' in Phoenix Site CMS from Phoenix, which allows remote attackers to execute arbitrary code via 's' GET parameter.
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the p
An issue was discovered in eGroupWare 17.1.20190111. A cross-site scripting Reflected (XSS) vulnerability exists in calendar/freebusy.php, which allows unauthenticated remote attackers to inject arbit
A cross-site scripting vulnerability exists in Aterm. Arbitrary scripts may be executed in the web browser of a user accessing the web management interface via adjacent network.
Reflected Cross-Site Scripting (XSS) vulnerability in WebWork, which allows remote attackers to execute arbitrary code through the 'q' and 'engine' request parameters in /search.
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string wh
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string wh
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string wh
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string wh
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string wh
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to
Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. A remote, unauthenticated attacker can craft a URL that can
A reflected cross-site scripting (XSS) vulnerability in Audemium ERP <=0.9.0 allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user by including a malicious pa
AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing a
A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript
Reflected cross-site scripting (XSS) vulnerability in desknet's Web Server allows execution of arbitrary JavaScript in a user’s web browser.
Reflected Cross-Site Scripting in the Change Template function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the template parameter.
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the /publix/run endpoint of JATOS 3.7.1 through 3.9.6 (inclusive). This allows remote attackers to execute arbitrary JavaScript i