Search Vulnerabilities

DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload

Apr 17, 2026

CVE-2025-14732

Elementor Website Builder <= 3.35.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API

Apr 8, 2026

CVE-2026-22711

Stored XSS through system messages in WikiLove

CVE-2026-35534

ChurchCRM has Stored XSS in PersonView.php via Facebook Field Attribute Injection

CVE-2026-33510

DOM-Based XSS in Homarr /auth/login Redirect

Apr 6, 2026

CVE-2026-34598

YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter"

Apr 2, 2026

CVE-2026-33506

DOM-Based XSS in Ory Polis Login Page

Mar 26, 2026

CVE-2025-52563

Chamilo: Reflected XSS via page parameter

Mar 2, 2026

CVE-2026-27120

Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster

Feb 20, 2026

CVE-2025-54369

CRITICAL

Node-SAML SAML Authentication Bypass

Dec 12, 2025

CVE-2025-65961

LOW

Contao is vulnerable to cross-site scripting in templates

Nov 25, 2025

CVE-2025-48076

Galette is vulnerable to Cross-site Scripting

Nov 4, 2025

CVE-2025-62415

bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML)

CVE-2025-62418

bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (SVG)

CVE-2025-62414

bagisto - Cross Site Scripting (XSS) in Create New Customer

CVE-2025-8561

Ova Advent <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Oct 15, 2025

CVE-2025-55291

Shaarli allows reflected XSS via searchtags parameter

Aug 18, 2025

CVE-2025-48992

Group-Office vulnerable to blind XSS

Jun 16, 2025

CVE-2025-49137

Hax CMS Stored Cross-Site Scripting vulnerability

Jun 9, 2025

CVE-2025-48495

Gokapi has stored XSS vulnerability in friendly name for API keys

Jun 2, 2025

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

CVE-2026-40321

DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload

Apr 17, 2026

CVE-2025-14732

Elementor Website Builder <= 3.35.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API

Apr 8, 2026

CVE-2026-22711

Stored XSS through system messages in WikiLove

CVE-2026-35534

ChurchCRM has Stored XSS in PersonView.php via Facebook Field Attribute Injection

CVE-2026-33510

DOM-Based XSS in Homarr /auth/login Redirect

Apr 6, 2026

CVE-2026-34598

YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter"

Apr 2, 2026

CVE-2026-33506

DOM-Based XSS in Ory Polis Login Page

Mar 26, 2026

CVE-2025-52563

Chamilo: Reflected XSS via page parameter

Mar 2, 2026

CVE-2026-27120

Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster

Feb 20, 2026

CVE-2025-54369

CRITICAL

Node-SAML SAML Authentication Bypass

Dec 12, 2025

CVE-2025-65961

LOW

Contao is vulnerable to cross-site scripting in templates

Nov 25, 2025

CVE-2025-48076

Galette is vulnerable to Cross-site Scripting

Nov 4, 2025

CVE-2025-62415

bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML)

CVE-2025-62418

bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (SVG)

CVE-2025-62414

bagisto - Cross Site Scripting (XSS) in Create New Customer

CVE-2025-8561

Ova Advent <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Oct 15, 2025

CVE-2025-55291

Shaarli allows reflected XSS via searchtags parameter

Aug 18, 2025

CVE-2025-48992

Group-Office vulnerable to blind XSS

Jun 16, 2025

CVE-2025-49137

Hax CMS Stored Cross-Site Scripting vulnerability

Jun 9, 2025

CVE-2025-48495