Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without s
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in podspod AppReview appreview allows Reflected XSS.This issue affects AppReview: from n/a through <=
The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in podpirate Access Areas wp-access-areas allows Reflected XSS.This issue affects Access Areas: from
A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victi
Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attack
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Stored XSS.This issue affects Podlove Podcast Publ
A reflected cross-site scripted (XSS) vulnerability in the acc-menu_billings.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in
A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podamibe Nepal Podamibe Twilio Private Call podamibe-twilio-private-call allows Reflected XSS.This
Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_markeralerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript
Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoin
A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected in
A cross-site scripting (reflected XSS) vulnerability was found in Mettler Toledo FreeWeight.Net Web Reports Viewer 8.4.0 (440). It allows an attacker to inject malicious scripts via the IW_SessionID_
A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the arg
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.4, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value
A reflected cross-site scripting (XSS) vulnerability was discovered in Output Messenger before 2.0.63, where unsanitized input could be injected into the web application’s response. This vulnerability
Page 1+ Next →