Vulnerability Lab

14 exploits Active since Jan 2026
CVE-2021-47769 EXPLOITDB MEDIUM text WRITEUP
Bdtask Isshue - XSS
Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent phishing attacks.
CVSS 4.8
CVE-2021-47768 EXPLOITDB MEDIUM text WRITEUP
Cleidigh Importexporttools NG - XSS
ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data or session credentials.
CVSS 6.1
EIP-2026-113810 EXPLOITDB text WRITEUP
WordPress Plugin Hotel Listing 3 - 'Multiple' Cross-Site Scripting (XSS)
EIP-2026-112956 EXPLOITDB text WORKING POC
Vanguard 2.1 - 'Search' Cross-Site Scripting (XSS)
EIP-2026-112885 EXPLOITDB text WORKING POC
Ultimate POS 4.4 - 'name' Cross-Site Scripting (XSS)
EIP-2026-112154 EXPLOITDB text WORKING POC
Simplephpscripts Simple CMS 2.1 - 'Multiple' Stored Cross-Site Scripting (XSS)
EIP-2026-112153 EXPLOITDB text WRITEUP
Simplephpscripts Simple CMS 2.1 - 'Multiple' SQL Injection
EIP-2026-112530 EXPLOITDB text WORKING POC
Syneto Unified Threat Management 1.3.3/1.4.2 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
EIP-2026-110729 EXPLOITDB text WORKING POC
PHP Melody 3.0 - Persistent Cross-Site Scripting (XSS)
EIP-2026-110728 EXPLOITDB text WORKING POC
PHP Melody 3.0 - 'vid' SQL Injection
EIP-2026-110727 EXPLOITDB text WORKING POC
PHP Melody 3.0 - 'Multiple' Cross-Site Scripting (XSS)
EIP-2026-110502 EXPLOITDB text WORKING POC
Payment Terminal 3.1 - 'Multiple' Cross-Site Scripting (XSS)
EIP-2026-109622 EXPLOITDB text WORKING POC
Mult-e-Cart Ultimate 2.4 - 'id' SQL Injection
EIP-2026-102019 EXPLOITDB text WORKING POC
Sonicwall SonicOS 6.5.4 - 'Common Name' Cross-Site Scripting (XSS)