Lucene search
K

200 matches found

Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-9626 JSON API User <= 4.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'content' Parameter

The JSON API User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content' parameter of the postcomment API endpoint in versions up to, and including, 4.1.0 This is due to insufficient input sanitization in the postcomment function, which passes the attacker-controlled...

6.4CVSS0.00228EPSS
Exploits0References6
CVE
CVE
added 5 days ago14 views

CVE-2026-9626

The CVE-2026-9626 entry concerns the WordPress JSON API User plugin (

6.4CVSS5.9AI score0.00228EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-48171

A markdown based cross-site scripting XSS vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the notice content parameter...

5.6AI score0.00181EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.7 views

CVE-2026-36763

A stored cross-site scripting XSS vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

6.1CVSS5.6AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-36761

A stored cross-site scripting XSS vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the msgContent parameter...

6.1CVSS5.6AI score0.00155EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 6:30 p.m.7 views

EUVD-2020-31223

Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...

7.2CVSS5.9AI score0.00311EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/13 2:22 p.m.33 views

CVE-2020-37222 Kuicms Php EE 2.0 Persistent Cross-Site Scripting via bbs reply

Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...

7.2CVSS0.00311EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:22 p.m.7 views

CVE-2020-37222

Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...

7.2CVSS5.9AI score0.00311EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/09 2:21 a.m.11 views

CVE-2026-36458

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/07 3:38 p.m.17 views

EUVD-2026-28377

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

5.8AI score0.00373EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.13 views

PT-2026-38442

Name of the Vulnerable Software and Affected Versions ChestnutCMS version 1.5.10 Description A SQL injection issue exists where the content parameter of the 'cms content' tag can be manipulated within the admin backend. This allows the parameter to be injected into a SQL query during template...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/07 12:0 a.m.36 views

CVE-2026-36458

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 12:0 a.m.15 views

CVE-2026-36458

ChestnutCMS v1.5.10 is affected by a SQL injection in the cms_content tag: the content parameter can be manipulated in the admin backend and injected into a SQL query during template rendering. The issue is documented across NVD/EUVD/CVE sources with a high severity (CVSS v3.1: 9.8, Critical) and...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 12:0 a.m.7 views

CVE-2026-36458

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

5.8AI score0.00373EPSS
Exploits0References2
NVD
NVD
added 2026/04/30 6:16 p.m.6 views

CVE-2026-36763

A stored cross-site scripting XSS vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

6.1CVSS0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.3 views

CVE-2026-36763

A stored cross-site scripting XSS vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

5.3AI score0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/30 12:0 a.m.5 views

EUVD-2026-26394

A stored cross-site scripting XSS vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the msgContent parameter...

6.1CVSS5.3AI score0.00155EPSS
Exploits0References2
CVE
CVE
added 2026/04/30 12:0 a.m.15 views

CVE-2026-36763

The CVE-2026-36763 entry describes a stored XSS in SpringBlade v4.8.0, exploitable via the /api/blade-desk/notice/submit endpoint by injecting crafted input into the content parameter. The NVD entry confirms the issue and lists a CVSS v3.1 base score of 6.1 (Medium) with network attack vector, lo...

6.1CVSS5.3AI score0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/30 12:0 a.m.10 views

CVE-2026-36763

A stored cross-site scripting XSS vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

6.1CVSS5.3AI score0.00187EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

Code-Projects Simple IT Discussion Forum SQL注入漏洞

Code-Projects Simple IT Discussion Forum is a simple forum developed by Code-Projects as open source. Version 1.0 of Code-Projects Simple IT Discussion Forum has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “content” in the file...

7.5CVSS7.2AI score0.00336EPSS
Exploits0References5
Rows per page
Query Builder