Lucene search
+L

20242 matches found

Nuclei
Nuclei
added 13 hours ago43 views

osTicket < 1.10.2 - Cross-Site Scripting

Cross-site scripting XSS vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. id: CVE-2018-7196 info: name: osTicket 1.10.2 - Cross-Site Scripting author: ritikchaddha severity: medium...

6.1CVSS6.3AI score0.02482EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago11 views

AffiliateImporterEb <= 1.0.6 - Reflected XSS

AffiliateImporterEb WordPress plugin through 1.0.6 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12732 info: name: AffiliateImporterEb =...

6.1CVSS5.1AI score0.00517EPSS
Exploits1References1
Nuclei
Nuclei
added 13 hours ago16 views

WSO2 - Server Side Request Forgery

WSO2 products contain SSRF and reflected XSS vulnerabilities in the deprecated Try-It feature accessible only to administrative users, caused by improper URL validation and direct content reflection, letting attackers trick admins into executing arbitrary JavaScript and querying internal services...

5.9CVSS5.3AI score0.00583EPSS
Exploits0References1
Nuclei
Nuclei
added 13 hours ago39 views

WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting

A cross-site scripting vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter. id: CVE-2013-4117 info: name: WordPress Plugin Category Grid View Gallery 2.3.1 -...

4.3CVSS5.1AI score0.12974EPSS
Exploits0References5
Nuclei
Nuclei
added 13 hours ago79 views

CandidATS 3.0.0 - Cross-Site Scripting

CandidATS 3.0.0 contains a cross-site scripting vulnerability via the page parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6AI score0.01071EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added yesterday6 views

CVE-2026-9585 Unauthenticated Reflected Cross-Site Scripting (XSS) in Switchvox SMB Web Portal

An unauthenticated reflected cross-site scripting XSS vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 104997. The application fails to properly sanitize the portal parameter supplied to the invalidbrowser and invalidbrowserlogin handlers. User-supplied data is reflected into...

8.6CVSS5.3AI score
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-41845

A flaw was found in Spring Framework. Due to incorrect escaping when using JavaScriptUtils.javaScriptEscape, a remote attacker could inject malicious JavaScript code into a user's browser. This could lead to a cross-site scripting XSS vulnerability, allowing the attacker to execute arbitrary...

7.1CVSS5.3AI score0.00161EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday36 views

CVE-2026-15094 WP Hotel Booking <= 2.3.2 - Reflected Cross-Site Scripting via 'check_in_date' Parameter

The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'checkindate' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS0.00215EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday32 views

CVE-2026-15759 ChatHelp <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'number' and 'group' Shortcode Attributes

The ChatHelp – Click to Chat Button, WooCommerce Chat to Order & Floating Chat Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'number' and 'group' Shortcode Attributes in all versions up to, and including, 3.5.1 due to insufficient input sanitization and output escapin...

6.4CVSS0.00201EPSS
Exploits0References7
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44854

The MxChat – AI Chatbot & Content Generation for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS6.2AI score0.00207EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-44554

ColdFusion is affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user...

8.5CVSS6.1AI score0.09358EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-47995 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerab...

8.1CVSS0.00269EPSS
Exploits0References1
CVE
CVE
added 4 days ago7 views

CVE-2026-47995

Technical details such as affected versions, vulnerable components, exploit methods, or remediation steps are not provided in the supplied documents. Monitor for updates from Adobe/NVD for concrete technical information.

8.1CVSS6.1AI score0.00269EPSS
Exploits0References1Affected Software1
OSV
OSV
added 4 days ago3 views

CVE-2026-60119 Hi.Events < 1.11.0 XSS via Event Title JSON.stringify Injection

Hi.Events before 1.11.0 contains a cross-site scripting vulnerability that allows authenticated attackers with event creation or edit permissions to inject arbitrary HTML and JavaScript by embedding a malicious event title containing the sequence, which is not escaped by JSON.stringify when...

5.1CVSS6.3AI score0.00171EPSS
Exploits0References8
CVE
CVE
added 4 days ago8 views

CVE-2025-15665

The CVE-2025-15665 affects the Ultimate Before After Image Slider & Gallery WordPress plugin prior to version 4.7.1. The BEAF Slider widget shortcode field is not escaped before output, as its value is passed through do_shortcode and echoed verbatim. This allows users with administrator-level acc...

5.4CVSS6.1AI score0.00133EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2025-15665

The Ultimate Before After Image Slider & Gallery WordPress plugin before 4.7.1 does not escape the value of the BEAF Slider widget's shortcode field before outputting it on the front end the value is passed through doshortcode, which echoes non-shortcode content verbatim, allowing users with...

5.4CVSS6.1AI score0.00133EPSS
Exploits0References1
NVD
NVD
added 4 days ago11 views

CVE-2026-44768

SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy CSP configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application...

4.1CVSS0.00165EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-44759

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal...

6.1CVSS0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-44768 Security misconfiguration in SAP CRM (WebClient UI)

SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy CSP configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application...

4.1CVSS0.00165EPSS
Exploits0References2
CVE
CVE
added 4 days ago11 views

CVE-2026-44768

Summary: CVE-2026-44768 affects the SAP CRM WebClient UI. The vulnerability arises from the absence of a Content Security Policy (CSP) configuration for certain restrictive directives, enabling an attacker to inject and execute malicious scripts in the application context. According to the source...

4.1CVSS6.2AI score0.00165EPSS
Exploits0References2
Rows per page
Query Builder