Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
2 HIGH18 MEDIUM
CVE-2026-42401
MEDIUM CVSS 5.4
Find Similar
Improper Neutralization of Input During Web Page Generation (CWE-79) in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which,
elastic
NVD RRF 0.016
CVE-2025-25018
MEDIUM CVSS 5.4
Find Similar
Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS)
elastic
NVD RRF 0.016
CVE-2025-25017
MEDIUM CVSS 6.1
Find Similar
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting (XSS)
elastic
NVD RRF 0.016
CVE-2025-25009
MEDIUM CVSS 5.4
Find Similar
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload.
elastic
NVD RRF 0.016
CVE-2025-37732
MEDIUM CVSS 5.4
Find Similar
Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an authenticated user to render HTML tags within a user’s browser via the integration package uploa
elastic
NVD RRF 0.015
CVE-2025-68387
MEDIUM CVSS 6.1
Find Similar
Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an unauthenticated user to embed a malicious script in content that will be served to web browsers
elastic
NVD RRF 0.015
CVE-2025-7746
MEDIUM CVSS 5.3
Find Similar
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause an unvalidated data injected by a malicious user potentially leading
NVD RRF 0.015
CVE-2026-26938
HIGH CVSS 7.7
Find Similar
Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem,
elastic
NVD RRF 0.015
CVE-2024-11390
MEDIUM CVSS 5.4
Find Similar
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access
elastic
NVD RRF 0.014
CVE-2025-13902
MEDIUM CVSS 5.1
Find Similar
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser ru
schneider-electric
NVD RRF 0.014
CVE-2024-47387
MEDIUM CVSS 5.9
Find Similar
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Search Atlas Group Search Atlas SEO metasync allows Stored XSS.This issue affects Search Atlas SEO
NVD RRF 0.014
CVE-2025-3117
MEDIUM CVSS 5.1
Find Similar
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by au
NVD RRF 0.014
CVE-2025-31409
MEDIUM CVSS 6.5
Find Similar
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bridge Core allows Stored XSS. This issue affects Bridge Core: from n/a through n/a.
NVD RRF 0.014
CVE-2025-5742
MEDIUM CVSS 5.1
Find Similar
CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server
NVD RRF 0.014
CVE-2024-51885
MEDIUM CVSS 6.5
Find Similar
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takashi Matsuyama Browsing History browsing-history allows Stored XSS.This issue affects Browsing
NVD RRF 0.013
CVE-2025-68385
MEDIUM CVSS 6.1
Find Similar
Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an authenticated user to embed a malicious script in content that will be served to web browsers ca
elastic
NVD RRF 0.013
CVE-2025-58019
MEDIUM CVSS 6.5
Find Similar
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Search Atlas Group Search Atlas SEO metasync allows Stored XSS.This issue affects Search Atlas SEO
NVD RRF 0.013
CVE-2024-44054
MEDIUM CVSS 5.4
Find Similar
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Fluida allows Stored XSS.This issue affects Fluida: from n/a through 1.8.8.
cryoutcreations
NVD RRF 0.013
CVE-2025-27314
HIGH CVSS 7.1
Find Similar
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kush Sharma Kush Micro News kush-micro-news allows Stored XSS.This issue affects Kush Micro News:
NVD RRF 0.013
CVE-2025-55064
MEDIUM CVSS 4.8
Find Similar
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
NVD RRF 0.013
Page 1+ Next →