Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
2 HIGH18 MEDIUM
CVE-2025-60646
MEDIUM CVSS 6.1
Find Similar
A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
xuxueli
NVD RRF 0.016
CVE-2025-60645
MEDIUM CVSS 6.5
Find Similar
A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request.
xuxueli
NVD RRF 0.016
CVE-2024-57773
MEDIUM CVSS 4.8
Find Similar
A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
jfinaloa_project
NVD RRF 0.016
CVE-2024-57771
MEDIUM CVSS 4.8
Find Similar
A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
jfinaloa_project
NVD RRF 0.016
CVE-2025-63885
MEDIUM CVSS 6.1
Find Similar
A stored cross-site scripting (XSS) vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the model_desc field.
NVD RRF 0.015
CVE-2025-57444
MEDIUM CVSS 6.1
Find Similar
An authenticated cross-site scripting (XSS) vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via
NVD RRF 0.015
CVE-2025-57393
HIGH CVSS 8.8
Find Similar
A stored cross-site scripting (XSS) in Kissflow Work Platform Kissflow Application Versions 7337 Account v2.0 to v4.2vallows attackers to execute arbitrary web scripts or HTML via injecting a crafted
NVD RRF 0.015
CVE-2024-57774
MEDIUM CVSS 4.8
Find Similar
A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted paylo
jfinaloa_project
NVD RRF 0.015
CVE-2025-61313
HIGH CVSS 7.3
Find Similar
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_markeralerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript
NVD RRF 0.014
CVE-2024-57776
MEDIUM CVSS 4.6
Find Similar
A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
jfinaloa_project
NVD RRF 0.014
CVE-2024-53569
MEDIUM CVSS 5.4
Find Similar
A stored cross-site scripting (XSS) vulnerability in the New Goal Creation section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML
NVD RRF 0.014
CVE-2024-44851
MEDIUM CVSS 5.4
Find Similar
A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Conte
perfexcrm
NVD RRF 0.014
CVE-2024-50677
MEDIUM CVSS 6.1
Find Similar
A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter.
oroinc
NVD RRF 0.014
CVE-2025-67163
MEDIUM CVSS 6.1
Find Similar
A stored cross-site scripting (XSS) vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name paramete
simplemachines
NVD RRF 0.014
CVE-2026-31353
MEDIUM CVSS 5.4
Find Similar
An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload in
feehi
NVD RRF 0.013
CVE-2025-45806
MEDIUM CVSS 6.1
Find Similar
A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
NVD RRF 0.013
CVE-2024-44872
MEDIUM CVSS 6.1
Find Similar
A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
mozilo
NVD RRF 0.013
CVE-2024-40317
MEDIUM CVSS 6.1
Find Similar
A reflected cross-site scripting (XSS) vulnerability in MyNET up to v26.08 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parame
airc
NVD RRF 0.013
CVE-2025-45316
MEDIUM CVSS 6.1
Find Similar
A cross-site scripting (XSS) vulnerability in the TextBlockModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the
hortusfox
NVD RRF 0.013
CVE-2024-43005
MEDIUM CVSS 4.7
Find Similar
A reflected cross-site scripting (XSS) vulnerability in the component dl_liuyan_save.php of ZZCMS v2023 allows attackers to execute arbitrary code in the context of a user's browser via injecting a cr
zzcms
NVD RRF 0.013
Page 1+ Next →