Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
1 CRITICAL6 HIGH13 MEDIUM
CVE-2024-57409
MEDIUM CVSS 4.8
Find Similar
A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into th
beian.miit
NVD RRF 0.016
CVE-2024-57408
HIGH CVSS 7.2
Find Similar
An arbitrary file upload vulnerability in the component /comm/upload of cool-admin-java v1.0 allows attackers to execute arbitrary code via uploading a crafted file.
beian.miit
NVD RRF 0.016
CVE-2025-50977
MEDIUM CVSS 6.1
Find Similar
A template injection vulnerability leading to reflected cross-site scripting (XSS) has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists
gitblit
NVD RRF 0.016
CVE-2025-63885
MEDIUM CVSS 6.1
Find Similar
A stored cross-site scripting (XSS) vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the model_desc field.
NVD RRF 0.016
CVE-2025-69011
MEDIUM CVSS 6.5
Find Similar
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPKube Cool Tag Cloud cool-tag-cloud allows Stored XSS.This issue affects Cool Tag Cloud: from n/a
NVD RRF 0.015
CVE-2025-4987
HIGH CVSS 8.7
Find Similar
A stored Cross-site Scripting (XSS) vulnerability affecting Opportunity Management in Project Portfolio Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker
NVD RRF 0.015
CVE-2025-57444
MEDIUM CVSS 6.1
Find Similar
An authenticated cross-site scripting (XSS) vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via
NVD RRF 0.015
CVE-2025-29686
MEDIUM CVSS 6.1
Find Similar
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/
hailey888
NVD RRF 0.015
CVE-2025-4985
HIGH CVSS 8.7
Find Similar
A stored Cross-site Scripting (XSS) vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to exec
NVD RRF 0.014
CVE-2025-26127
MEDIUM CVSS 5.0
Find Similar
A stored cross-site scripting (XSS) vulnerability in the Send for Approval function of FileCloud v23.241.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
NVD RRF 0.014
CVE-2026-30526
MEDIUM CVSS 6.1
Find Similar
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Zoo Management System v1.0. The vulnerability is located in the login page, specifically within the msg parameter. The app
pushpam02
NVD RRF 0.014
CVE-2025-34157
CRITICAL CVSS 9.4
Find Similar
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. An authenticated user with low privileges can create a projec
coollabs
NVD RRF 0.014
CVE-2024-55100
MEDIUM CVSS 4.8
Find Similar
A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Online Nurse Hiring System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a craft
phpgurukul
NVD RRF 0.014
CVE-2025-25908
MEDIUM CVSS 5.4
Find Similar
A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/
tianti_project
NVD RRF 0.014
CVE-2024-43005
MEDIUM CVSS 4.7
Find Similar
A reflected cross-site scripting (XSS) vulnerability in the component dl_liuyan_save.php of ZZCMS v2023 allows attackers to execute arbitrary code in the context of a user's browser via injecting a cr
zzcms
NVD RRF 0.013
CVE-2025-13614
HIGH CVSS 8.1
Find Similar
The Cool Tag Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cool_tag_cloud' shortcode in all versions up to, and including, 2.29 due to insufficient input sa
NVD RRF 0.013
CVE-2025-2072
MEDIUM CVSS 5.1
Find Similar
A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in FAST LTA Silent Brick WebUI, allowing attackers to inject malicious JavaScript code into web pages viewed by users. This iss
NVD RRF 0.013
CVE-2025-0602
HIGH CVSS 8.7
Find Similar
A stored Cross-site Scripting (XSS) vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execu
NVD RRF 0.013
CVE-2025-4988
HIGH CVSS 8.7
Find Similar
A stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an
NVD RRF 0.013
CVE-2024-36697
MEDIUM CVSS 6.1
Find Similar
A cross-site scripting (XSS) vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into th
NVD RRF 0.013
Page 1+ Next →