Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
1 HIGH19 MEDIUM
CVE-2013-20006
HIGH CVSS 8.7
Find Similar
Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users.
NVD RRF 0.016
CVE-2020-37240
MEDIUM CVSS 5.1
Find Similar
Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can inse
NVD RRF 0.016
CVE-2025-46041
MEDIUM CVSS 5.4
Find Similar
A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add)
anchorcms
NVD RRF 0.016
CVE-2023-53910
MEDIUM CVSS 5.1
Find Similar
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by inserting script tags into page content through the WYSIWYG ed
wbce
NVD RRF 0.016
CVE-2020-36998
MEDIUM CVSS 5.1
Find Similar
Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name,
NVD RRF 0.015
CVE-2021-47917
MEDIUM CVSS 5.1
Find Similar
Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and edi
simplephpscripts
NVD RRF 0.015
CVE-2023-53882
MEDIUM CVSS 5.1
Find Similar
JLex GuestBook 1.6.4 contains a reflected cross-site scripting vulnerability in the 'q' URL parameter that allows attackers to inject malicious scripts. Attackers can craft malicious links with XSS pa
NVD RRF 0.015
CVE-2025-50977
MEDIUM CVSS 6.1
Find Similar
A template injection vulnerability leading to reflected cross-site scripting (XSS) has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists
gitblit
NVD RRF 0.015
CVE-2025-57444
MEDIUM CVSS 6.1
Find Similar
An authenticated cross-site scripting (XSS) vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via
NVD RRF 0.014
CVE-2024-9799
MEDIUM CVSS 5.3
Find Similar
A vulnerability has been found in SourceCodester Profile Registration without Reload Refresh 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file a
rems
NVD RRF 0.014
CVE-2023-4507
MEDIUM CVSS 6.1
Find Similar
The Admission AppManager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and o
NVD RRF 0.014
CVE-2018-25331
MEDIUM CVSS 5.1
Find Similar
Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attack
NVD RRF 0.014
CVE-2026-56381
MEDIUM CVSS 4.6
Find Similar
Craft CMS from version 5.0.0-RC1 contains a stored cross-site scripting vulnerability in the User Permissions page where user group names are rendered without proper HTML escaping. Attackers with admi
NVD RRF 0.014
CVE-2024-8152
MEDIUM CVSS 5.3
Find Similar
A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/add-bookmark.php of the comp
rems
NVD RRF 0.014
CVE-2023-53891
MEDIUM CVSS 5.1
Find Similar
Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the pag
blackcat-cms
NVD RRF 0.013
CVE-2021-47906
MEDIUM CVSS 5.1
Find Similar
BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious j
NVD RRF 0.013
CVE-2025-51990
MEDIUM CVSS 4.8
Find Similar
XWiki through version 17.3.0 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities in the Administration interface, specifically under the Presentation section of the Global Prefer
xwiki
NVD RRF 0.013
CVE-2025-11184
MEDIUM CVSS 6.9
Find Similar
Cross-site scripting vulnerability in QGIS QWC2 Registration GUI <=v2025.03.31 allows an authorized attacker to plant arbitrary JavaScript code in the page
NVD RRF 0.013
CVE-2025-11183
MEDIUM CVSS 6.9
Find Similar
Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 <2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page
NVD RRF 0.013
CVE-2023-54362
MEDIUM CVSS 5.1
Find Similar
Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can cr
NVD RRF 0.013
Page 1+ Next →