Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php.
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php.
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php.
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php.
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php.
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam_Sql.php".
In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries.
A Reflected Cross Site Scripting (XSS) vulnerability was found in "edit-cate.php" in SourceCodester House Rental Management System v1.0.
CVE-2025-54299
CRITICAL CVSS 9.4
Find Similar
A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allow
kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php.
CVE-2020-26799
CRITICAL CVSS 9.8
Find Similar
A reflected cross-site scripting (XSS) vulnerability was discovered in index.php on Luxcal 4.5.2 which allows an unauthenticated attacker to steal other users' data.
Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in /maid-hiring.php va the name field.
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited.
WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the `fieldtitle` parameter. Attackers can submit P
A vulnerability was found in Ascensio System SIA OnlyOffice up to 12.7.0. This issue affects some unknown processing of the file /Products/Projects/Messages.aspx of the component SVG Image Handler. Pe
Page 1+ Next →