Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL containing the ‘q’ pa
A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the
A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the C
Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService
Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field
A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type.
An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a craft
A reflected cross-site scripting (XSS) vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload.
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet.
A template injection vulnerability leading to reflected cross-site scripting (XSS) has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists
Reflected Cross-Site Scripting (XSS) in osCommerce v4. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the name of
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp.
A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context
Cross-Site Scripting (XSS) vulnerability found in MarkTwo commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 (May 2025) allows a remote attacker to execute arbitrary code via a crafted script input to th
A Reflected Cross Site Scripting (XSS) vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the vic
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the p
In Concrete CMS below version 9.4.8, A stored cross-site scripting (XSS) vulnerability exists in the search block where page names and content are rendered without proper HTML encoding in search resul
A reflected cross-site scripting (XSS) vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifyi
Page 1+ Next →