Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
2 CRITICAL6 HIGH12 MEDIUM
CVE-2025-54296
HIGH CVSS 7.0
Find Similar
A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla was discovered.
NVD RRF 0.016
CVE-2025-54297
HIGH CVSS 7.0
Find Similar
A stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joomla was discovered.
NVD RRF 0.016
CVE-2025-54299
CRITICAL CVSS 9.4
Find Similar
A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered.
NVD RRF 0.016
CVE-2025-54295
MEDIUM CVSS 5.1
Find Similar
A Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla was discovered.
NVD RRF 0.016
CVE-2025-54298
CRITICAL CVSS 9.4
Find Similar
A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered.
NVD RRF 0.015
CVE-2025-55757
MEDIUM CVSS 6.1
Find Similar
A unauthenticated reflected XSS vulnerability in VirtueMart 1.0.0-4.4.10 for Joomla was discovered.
NVD RRF 0.015
CVE-2025-50058
MEDIUM CVSS 5.1
Find Similar
A stored XSS vulnerability in the RSDirectory! component 1.0.0-2.2.8 Joomla was discovered. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via the review reply
NVD RRF 0.015
CVE-2025-54301
HIGH CVSS 8.5
Find Similar
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. File names are not properly escaped.
NVD RRF 0.015
CVE-2025-32465
HIGH CVSS 8.5
Find Similar
A stored XSS vulnerability in RSTickets! component 1.9.12 - 3.3.0 for Joomla was discovered. It allows attackers to perform cross-site scripting (XSS) attacks via sending crafted payload.
NVD RRF 0.014
CVE-2025-49486
HIGH CVSS 8.6
Find Similar
A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in gallery items.
NVD RRF 0.014
CVE-2025-54300
HIGH CVSS 8.5
Find Similar
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads.
NVD RRF 0.014
CVE-2025-50126
MEDIUM CVSS 5.3
Find Similar
A stored XSS vulnerability in the RSBlog! component 1.11.6-1.14.5 Joomla was discovered. The issue allows remote authenticated users to inject arbitrary web script or HTML via the jform[tags_text] par
NVD RRF 0.014
CVE-2021-27917
MEDIUM CVSS 5.4
Find Similar
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
acquia
NVD RRF 0.014
CVE-2025-63644
MEDIUM CVSS 5.4
Find Similar
A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field.
ph7builder
NVD RRF 0.013
CVE-2025-27754
MEDIUM CVSS 6.5
Find Similar
A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The i
rsjoomla
NVD RRF 0.013
CVE-2024-55100
MEDIUM CVSS 4.8
Find Similar
A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Online Nurse Hiring System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a craft
phpgurukul
NVD RRF 0.013
CVE-2024-53365
MEDIUM CVSS 5.4
Find Similar
A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/profile.php. This vulnerability allows authenticated users to inject ma
phpgurukul
NVD RRF 0.013
CVE-2025-63885
MEDIUM CVSS 6.1
Find Similar
A stored cross-site scripting (XSS) vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the model_desc field.
NVD RRF 0.013
Page 1+ Next →