Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2024-11986
CRITICAL CVSS 9.6
Find Similar
Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functi
A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges c
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser ru
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "File Name" page (/cgi/uset.cgi?-cfilename) in t
Stored Cross-Site Scripting (XSS) vulnerability in the CoverManager booking software. This allows an attacker to inject malicious scripts into the application, which are permanently stored on the serv
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Certificates page on Webserver that could cause an unvalidated data injected by aut
A Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ a
CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server
A stored cross-site scripting (XSS) vulnerability in the page_save component of Linksys E5600 V1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into th
Missing sanitation of inputs allowed arbitrary users to conduct a stored XSS attack that triggers for users that view a certain project
Stored Cross-Site Scripting (XSS) in TelegAI (telegai.com) 2025-05-26 in its chat component and character container component. An attacker can achieve arbitrary client-side script execution by craftin
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by au
A stored cross-site scripting (XSS) vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the model_desc field.
An authenticated cross-site scripting (XSS) vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bowo Debug Log Manager debug-log-manager allows Stored XSS.This issue affects Debug Log Manager: f
A cross-site scripting (XSS) vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into th
A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted paylo
A cross-site scripting (XSS) vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U14_06 router's web interface. The /goform/goform_get_cmd_process endpoint fails to sanitize user input in the cm
CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated attacker modifies folder names within the context of the product
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause an unvalidated data injected by a malicious user potentially leading
Page 1+ Next →