Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
3 HIGH17 MEDIUM
CVE-2024-57776
MEDIUM CVSS 4.6
Find Similar
A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
jfinaloa_project
NVD RRF 0.016
CVE-2024-57771
MEDIUM CVSS 4.8
Find Similar
A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
jfinaloa_project
NVD RRF 0.016
CVE-2024-57772
MEDIUM CVSS 4.8
Find Similar
A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
jfinaloa_project
NVD RRF 0.016
CVE-2024-57773
MEDIUM CVSS 4.8
Find Similar
A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
jfinaloa_project
NVD RRF 0.016
CVE-2024-57774
MEDIUM CVSS 4.8
Find Similar
A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted paylo
jfinaloa_project
NVD RRF 0.015
CVE-2025-45806
MEDIUM CVSS 6.1
Find Similar
A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
NVD RRF 0.015
CVE-2025-57444
MEDIUM CVSS 6.1
Find Similar
An authenticated cross-site scripting (XSS) vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via
NVD RRF 0.015
CVE-2024-44872
MEDIUM CVSS 6.1
Find Similar
A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
mozilo
NVD RRF 0.015
CVE-2025-29686
MEDIUM CVSS 6.1
Find Similar
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/
hailey888
NVD RRF 0.014
CVE-2025-67163
MEDIUM CVSS 6.1
Find Similar
A stored cross-site scripting (XSS) vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name paramete
simplemachines
NVD RRF 0.014
CVE-2025-26127
MEDIUM CVSS 5.0
Find Similar
A stored cross-site scripting (XSS) vulnerability in the Send for Approval function of FileCloud v23.241.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
NVD RRF 0.014
CVE-2025-29690
MEDIUM CVSS 6.1
Find Similar
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /addre
hailey888
NVD RRF 0.014
CVE-2025-61314
HIGH CVSS 7.3
Find Similar
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_orderopt.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in
NVD RRF 0.014
CVE-2025-63885
MEDIUM CVSS 6.1
Find Similar
A stored cross-site scripting (XSS) vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the model_desc field.
NVD RRF 0.014
CVE-2025-60646
MEDIUM CVSS 6.1
Find Similar
A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
xuxueli
NVD RRF 0.013
CVE-2025-61306
MEDIUM CVSS 6.1
Find Similar
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_coveragealerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascri
NVD RRF 0.013
CVE-2025-51691
MEDIUM CVSS 6.1
Find Similar
Cross-Site Scripting (XSS) vulnerability found in MarkTwo commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 (May 2025) allows a remote attacker to execute arbitrary code via a crafted script input to th
NVD RRF 0.013
CVE-2025-55620
MEDIUM CVSS 6.1
Find Similar
A cross-site scripting (XSS) vulnerability in the valuateJavascript() function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
reolink
NVD RRF 0.013
CVE-2025-61313
HIGH CVSS 7.3
Find Similar
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_markeralerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript
NVD RRF 0.013
CVE-2025-4988
HIGH CVSS 8.7
Find Similar
A stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an
NVD RRF 0.013
Page 1+ Next →