Lucene search
K

1042766 matches found

CVE
CVE
added yesterday7 views

CVE-2026-56356

Summary: CVE-2026-56356 affects n8n’s Chat Trigger node Custom CSS field, where a misconfiguration of the sanitize-html library allows stored XSS. Affected versions: before 1.123.27; 2.0.0–2.13.2; 2.14.0. Impact: an authenticated user with workflow creation/modification rights can inject JavaScri...

5.4CVSS5.6AI score
Exploits0References2
Cvelist
Cvelist
added yesterday11 views

CVE-2026-52760 Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS via Unescaped values in ActiveMQ Web Console

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a message with a J...

Exploits0References1
CVE
CVE
added yesterday14 views

CVE-2026-52760

CVE-2026-52760 is a Cross-site Scripting vulnerability in Apache ActiveMQ and its Web Console. The issue arises because the browse page renders a JMS message ID directly without sanitization, enabling an authenticated producer to send a crafted message ID that contains HTML/JavaScript, which will...

6.1CVSS5.7AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-8141

The Ajax Load More - Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'taxonomyincludechildren' parameter in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

7.2CVSS5.9AI score0.00261EPSS
Exploits0References3
NVD
NVD
added yesterday9 views

CVE-2026-11589

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not properly validate uploaded files, allowing unauthenticated users to upload files containing malicious JavaScript such as HTML or SVG to a publicly accessible location, leading to Stored Cross-Site Scripting attac...

8.8CVSS0.00173EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-11581

The CVE-2026-11581 entry concerns the Kali Forms — Contact Form & Drag-and-Drop Builder for WordPress, vulnerable before version 2.4.13. The form captions (columns on the form-entries admin screen) are not sanitized, allowing stored XSS where a user with Contributor-level access (or higher) can i...

5.9CVSS5.8AI score0.00153EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday29 views

Redirection for Contact Form 7 < 2.5.0 - Cross-Site Scripting

The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting. id: CVE-2022-0250 info: name: Redirection for Contact Form 7 2.5.0 - Cross-Site Scripting author: ritikchaddha...

6.1CVSS6.4AI score0.01253EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday17 views

GTranslate < 2.8.65 - Cross-Site Scripting

In the Pro and Enterprise versions of GTranslate 2.8.65, the gtranslaterequesturivar function runs at the top of all pages and echoes out the contents of $SERVER'REQUESTURI'. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable ...

6.1CVSS6.4AI score0.01572EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday43 views

UpdraftPlus < 1.22.9 - Cross-Site Scripting

The plugin does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability. id: CVE-2022-0864 info: name: UpdraftPlus 1.22.9 - Cross-Site Scripting author: DhiyaneshDk severity: medium description...

6.1CVSS6.4AI score0.07355EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday15 views

WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting

WordPress Easy Pricing Tables plugin before 3.2.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before reflecting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled. id:...

6.1CVSS6.2AI score0.01388EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday24 views

Helmet Store Showroom - Cross Site Scripting

Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting XSS. id: CVE-2022-46073 info: name: Helmet Store Showroom - Cross Site Scripting author: Harsh severity: medium description: | Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting XSS. impact: | Successful exploitation of...

6.1CVSS6.4AI score0.01235EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday57 views

Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting

Reflected cross-site scripting XSS exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php. id: CVE-2022-48197 info: name: Yahoo User Interface library YUI2 TreeView v2.8.2 - Cross-Site Scripting...

6.1CVSS6.2AI score0.06608EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday19 views

CandidATS 3.0.0 - Cross-Site Scripting.

CandidATS 3.0.0 contains a cross-site scripting vulnerability via the sortDirection parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.4AI score0.01071EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday41 views

WordPress Mapping Multiple URLs Redirect Same Page <=5.8 - Cross-Site Scripting

WordPress Mapping Multiple URLs Redirect Same Page plugin 5.8 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the mmurspid parameter before outputting it back in an admin page. id: CVE-2022-0599 info: name: WordPress Mapping Multiple URLs Redirec...

6.1CVSS6.2AI score0.01713EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday20 views

Backdrop CMS version 1.23.0 - Stored Cross Site Scripting

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting XSS vulnerability via the 'Card' content. id: CVE-2022-42094 info: name: Backdrop CMS version 1.23.0 - Stored Cross Site Scripting author: theamanrawat severity: medium description: | Backdrop CMS version 1.23.0 w...

4.8CVSS5.6AI score0.02505EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday27 views

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the joborderID parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...

6.1CVSS6.4AI score0.01278EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday18 views

WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 - Cross-Site Scripting

WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...

6.1CVSS6.4AI score0.01601EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday40 views

JobMonster < 4.5.2.9 - Cross-Site Scripting

In the theme JobMonster 4.5.2.9 there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests. id: CVE-2022-1170 info: name: JobMonster 4.5.2.9 - Cross-Site Scripting author: Akincibor,ritikchaddha severity: medium description: | In the theme JobMonste...

6.1CVSS6.4AI score0.01836EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday19 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Global Variables feature /index.php?module=globalvars/vars of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create". id:...

5.4CVSS6.1AI score0.00874EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday17 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Users Alerts feature /index.php?module=usersalerts/usersalerts of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". id:...

5.4CVSS6.1AI score0.00929EPSS
Exploits1References3
Rows per page
Query Builder