Lucene search
+L

1523803 matches found

Cvelist
Cvelist
added 2 hours ago6 views

CVE-2026-10525 NEX-Forms < 9.2.3 - Unauthenticated Stored XSS via Form Submission

The NEX-Forms WordPress plugin before 9.2.3 does not sanitise and escape some submitted form data before storing it and outputting it back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability which could allow unauthenticated users to perform Stored Cross-Site Scripting...

Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-44175

Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, Kirby did not securely sanitize the contents of the list field on save, leaving it vulnerable to cross-site scripting XSS. Kirby's list field stores its formatted content as HTML, and unlike other field types...

8.5CVSS0.0004EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday9 views

CVE-2026-45368 Kirby: Cross-site scripting (XSS) from links in KirbyTags and image blocks in the site frontend

Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, the underlying URL methods for the KirbyTags and image blocks components did not filter out malicious URL values that resolve to script execution. The vulnerability affects four first-party Kirby renderers th...

8.4CVSS0.00062EPSS
Exploits0References2
CVE
CVE
added yesterday26 views

CVE-2026-44175

Kirby has a stored XSS vulnerability in the list field prior to versions 4.9.1 and 5.4.1 due to server-side sanitization on save not being applied (HTML in list field not escaped without breaking formatting). The content is stored as HTML and could be sent via Kirby’s API bypassing the Panel, the...

8.5CVSS5.9AI score0.0004EPSS
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-45053

Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, Kirby did not securely sanitize the contents of the list field on save, leaving it vulnerable to cross-site scripting XSS. Kirby's list field stores its formatted content as HTML, and unlike other field types...

8.5CVSS5.9AI score0.0004EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-44175

Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, Kirby did not securely sanitize the contents of the list field on save, leaving it vulnerable to cross-site scripting XSS. Kirby's list field stores its formatted content as HTML, and unlike other field types...

8.5CVSS5.9AI score0.0004EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added yesterday12 views

CVE-2026-44175 Kirby: Cross-site scripting (XSS) from list field content in the site frontend

Kirby is an open-source content management system. In versions prior to 4.9.1 and 5.4.1, Kirby did not securely sanitize the contents of the list field on save, leaving it vulnerable to cross-site scripting XSS. Kirby's list field stores its formatted content as HTML, and unlike other field types...

8.5CVSS0.0004EPSS
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2026-63081

Perfect Support Ticketing & Document Management System through 1.7 contains a stored cross-site scripting vulnerability that allows authenticated attackers with Agent-level privileges to inject malicious payloads into the Notes field of assigned support tickets. Attackers can store malicious...

5.4CVSS
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-44945

Perfect Support Ticketing & Document Management System through 1.7 contains a stored cross-site scripting vulnerability that allows authenticated attackers with Agent-level privileges to inject malicious payloads into the Notes field of assigned support tickets. Attackers can store malicious...

5.4CVSS6.1AI score
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-63081

The CVE-2026-63081 entry describes a stored XSS in the Perfect Support Ticketing & Document Management System (v1.7). Authenticated attackers with Agent-level privileges can inject scripts into the Notes field of assigned tickets, causing the script to run in the browser context of any viewer (in...

5.4CVSS6.1AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-63081

Perfect Support Ticketing & Document Management System through 1.7 contains a stored cross-site scripting vulnerability that allows authenticated attackers with Agent-level privileges to inject malicious payloads into the Notes field of assigned support tickets. Attackers can store malicious...

5.4CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added yesterday16 views

CVE-2026-63081 Perfect Support Ticketing System 1.7 Stored XSS via Ticket Notes Field

Perfect Support Ticketing & Document Management System through 1.7 contains a stored cross-site scripting vulnerability that allows authenticated attackers with Agent-level privileges to inject malicious payloads into the Notes field of assigned support tickets. Attackers can store malicious...

5.4CVSS
Exploits0References2
GithubExploit
GithubExploit
added yesterday39 views

payload-stored-xss

No d...

6.1AI score
Exploits0
GithubExploit
GithubExploit
added yesterday35 views

web-scanner

🛡️ Web Scanner A native macOS app that scans a website for...

6.1AI score
Exploits0
Nuclei
Nuclei
added yesterday55 views

Academy Learning Management System <5.9.1 - Cross-Site Scripting

Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.5AI score0.02316EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday50 views

DomainMOD <=4.13.0 - Cross-Site Scripting

DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters. id: CVE-2019-15811 info: name: DomainMOD =4.13.1 to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/47325 -...

6.1CVSS6.4AI score0.06395EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday47 views

WP Helper Lite < 4.3 - Cross-Site Scripting

The WP Helper Lite WordPress plugin, in versions 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability. id: CVE-2023-0448 info: name: WP Helper Lite 4.3 - Cross-Site Scripting author: ritikchaddha severity: medium description: | T...

6.1CVSS6.4AI score0.44513EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday44 views

WordPress Copyright Proof <=4.16 - Cross-Site-Scripting

WordPress Copyright Proof plugin 4.16 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users when a specific setting is enabled. id: CVE-2022-1906...

6.1CVSS6.4AI score0.00955EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday64 views

Uniview NVR301-04S2-P4 - Cross-Site Scripting

Uniview NVR301-04S2-P4 contains a reflected cross-site scripting vulnerability via the PATH of LAPI. CISA and Uniview state that this vulnerability needs to be authenticated. This is incorrect. Any PATH payload can cause XSS. A submission to Mitre has been sent to update the verbiage in the findi...

5.4CVSS6AI score0.009EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday34 views

Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting

Caldera Forms WordPress plugin 1.9.7 contains a reflected cross-site scripting caused by lack of validation and escaping of the cf-api parameter in responses, letting attackers execute arbitrary scripts in victim's browser, exploit requires attacker to craft a malicious request. id: CVE-2022-0879...

6.1CVSS6.5AI score0.01195EPSS
Exploits2References3
Rows per page
Query Builder