Lucene search
K

6 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/20 11:33 a.m.5 views

CVE-2025-40644

Reflected Cross-Site Scripting XSS vulnerability in Riftzilla's QRGen. This vulnerability allows an attavker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'id' parameter in '/article.php'. This vulnerability can be exploited to steal sensitive user...

5.1CVSS5.7AI score0.00318EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/21 6:30 p.m.4 views

EUVD-2025-35187

Cross-Site Scripting XSS vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacker-controlled input to be rendered directly i...

6.1CVSS5.4AI score0.00229EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/10/29 12:0 a.m.6 views

PT-2024-37791 · Unknown · Lollms-Webui

Name of the Vulnerable Software and Affected Versions: lollms-webui versions prior to 10 Description: A CORS misconfiguration allows attackers to steal sensitive information, such as logs, browser sessions, and settings containing private API keys from other services. This issue can also enable...

8.1CVSS8.1AI score0.00242EPSS
Exploits1References6
CNNVD
CNNVD
added 2021/03/10 12:0 a.m.3 views

Iteris Apache Velocity 跨站脚本漏洞

Iteris Apache Velocity is a software application from the United States Iteris. It is used to create and maintain open source software features related to the Apache Velocity Engine. A security vulnerability exists in Apache Velocity 3.1, which can be exploited by an attacker to steal a session...

6.1CVSS6.9AI score0.06357EPSS
Exploits0References15
OSV
OSV
added 2019/07/19 3:15 p.m.1 views

DEBIAN-CVE-2019-1010247

ZmartZone IAM modauthopenidc 2.3.10.1 and earlier is affected by: Cross Site Scripting XSS. The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/modauthopenidc.c, Line: 3109. The fixed version is: 2.3.10.2...

6.1CVSS6.2AI score0.01274EPSS
Exploits0References1
OSV
OSV
added 2019/06/12 2:29 p.m.3 views

CVE-2019-1031

A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

5.4CVSS6.2AI score0.01662EPSS
Exploits0References2
Rows per page
Query Builder