Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
19 MEDIUM1 NONE
CVE-2024-57773
MEDIUM CVSS 4.8
Find Similar
A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
jfinaloa_project
NVD RRF 0.016
CVE-2024-57771
MEDIUM CVSS 4.8
Find Similar
A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
jfinaloa_project
NVD RRF 0.016
CVE-2024-57772
MEDIUM CVSS 4.8
Find Similar
A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
jfinaloa_project
NVD RRF 0.016
CVE-2024-57776
MEDIUM CVSS 4.6
Find Similar
A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
jfinaloa_project
NVD RRF 0.016
CVE-2024-57774
MEDIUM CVSS 4.8
Find Similar
A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted paylo
jfinaloa_project
NVD RRF 0.015
CVE-2025-29686
MEDIUM CVSS 6.1
Find Similar
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/
hailey888
NVD RRF 0.015
CVE-2025-45806
MEDIUM CVSS 6.1
Find Similar
A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
NVD RRF 0.015
CVE-2025-29690
MEDIUM CVSS 6.1
Find Similar
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /addre
hailey888
NVD RRF 0.015
CVE-2025-29688
MEDIUM CVSS 6.1
Find Similar
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymana
hailey888
NVD RRF 0.014
CVE-2025-29689
MEDIUM CVSS 6.1
Find Similar
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail
hailey888
NVD RRF 0.014
CVE-2025-57444
MEDIUM CVSS 6.1
Find Similar
An authenticated cross-site scripting (XSS) vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via
NVD RRF 0.014
CVE-2025-26127
MEDIUM CVSS 5.0
Find Similar
A stored cross-site scripting (XSS) vulnerability in the Send for Approval function of FileCloud v23.241.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
NVD RRF 0.014
CVE-2025-29691
MEDIUM CVSS 6.1
Find Similar
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /logi
hailey888
NVD RRF 0.014
CVE-2024-44872
MEDIUM CVSS 6.1
Find Similar
A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
mozilo
NVD RRF 0.014
CVE-2024-12870
NONE
Find Similar
A stored cross-site scripting (XSS) vulnerability exists in infiniflow/ragflow, affecting the latest commit on the main branch (cec2080). The vulnerability allows an attacker to upload HTML/XML files
NVD RRF 0.013
CVE-2025-55620
MEDIUM CVSS 6.1
Find Similar
A cross-site scripting (XSS) vulnerability in the valuateJavascript() function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
reolink
NVD RRF 0.013
CVE-2025-67163
MEDIUM CVSS 6.1
Find Similar
A stored cross-site scripting (XSS) vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name paramete
simplemachines
NVD RRF 0.013
CVE-2024-46538
MEDIUM CVSS 4.8
Find Similar
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_ed
netgate
NVD RRF 0.013
CVE-2025-28380
MEDIUM CVSS 6.1
Find Similar
A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.
openc3
NVD RRF 0.013
CVE-2025-29322
MEDIUM CVSS 4.6
Find Similar
A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.003 - Build 3 allows attackers to execute arbitrary code via a crafted payload to the "Connection Name" in the New Connection and R
NVD RRF 0.013
Page 1+ Next →