Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed.
DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web sh
A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious
A template injection vulnerability leading to reflected cross-site scripting (XSS) has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists
Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WalkerWP Walker Core walker-core allows DOM-Based XSS.This issue affects Walker Core: from n/a thr
A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in  spacewalk-java allows execution of arbitrary Javascript code on users machines.This issue affects Cont
A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2
Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through desi
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.4, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2
A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browse
A reflected cross-site scripting (XSS) vulnerability in Audemium ERP <=0.9.0 allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user by including a malicious pa
A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_12_004 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted p
A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a cra
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Jégo Map Store Locator map-store-location allows DOM-Based XSS.This issue affects Map Store
A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp
VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation a
Page 1+ Next →