Lucene search
+L

111 matches found

Vulnrichment
Vulnrichment
added 2026/02/20 4:48 p.m.5 views

CVE-2026-27503 SVXportal <= 2.5 admin/log.php Search Reflected XSS

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

6.1CVSS5.3AI score0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/20 4:48 p.m.30 views

CVE-2026-27503 SVXportal <= 2.5 admin/log.php Search Reflected XSS

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

6.1CVSS0.00155EPSS
Exploits0References2
CVE
CVE
added 2026/02/20 4:48 p.m.32 views

CVE-2026-27503

SVXportal 2.5 and earlier versions are affected by a reflected XSS in admin/log.php triggered via the search query parameter. When an authenticated administrator loads a crafted URL, the unsanitized parameter value is embedded into an HTML input value attribute, enabling attacker-supplied JavaScr...

6.1CVSS5.3AI score0.00155EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

SVXportal 安全漏洞

SVXportal is a portal website developed by Peter as an individual developer. Versions of SVXportal 2.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation for the search query parameter in the admin/log.php file, which could lead to...

6.1CVSS5.7AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.14 views

PT-2026-21272

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

5.1CVSS5.3AI score0.00155EPSS
Exploits0References3
NVD
NVD
added 2026/02/19 7:17 a.m.7 views

CVE-2026-2502

The xmlrpc attacks blocker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0, via the 'X-Forwarded-For' HTTP header. This is due to the plugin trusting and logging attacker-controlled IP header data and rendering debug log entries without outp...

6.1CVSS0.00265EPSS
Exploits0References5
Sick AG
Sick AG
added 2026/01/15 2:0 p.m.19 views

Vulnerabilities affecting SICK Incoming Goods Suite

SICK has identified multiple vulnerabilities in the SICK Incoming Goods Suite product. Vulnerabilities related to Grafana apply exclusively to the administrative user interface for log management and do not affect the Incoming Goods Suite user interface. The vulnerabilities could potentially affe...

8.3CVSS7.1AI score0.97999EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.6 views

MiracleLinux 3 : krb5-1.6.1-17AXS3.1 (AXSA:2008-153:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2008-153:02 advisory. Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of...

10CVSS8.4AI score0.29842EPSS
Exploits10References14
OSV
OSV
added 2026/01/09 5:15 p.m.7 views

CVE-2026-22198

GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting XSS vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value for example, to /api/v1/ticket.php, an unauthenticated attacker can cause...

6.1CVSS5.9AI score0.00258EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:49 a.m.13 views

CVE-2022-27886

Maccms v10 was discovered to contain a reflected cross-site scripting XSS vulnerability in /admin.php/admin/ulog/index.html via the wd parameter...

6.1CVSS6.1AI score0.00547EPSS
Exploits1References1
Veracode
Veracode
added 2025/11/05 8:11 a.m.7 views

Cross-site Scripting (XSS)

s-cart/core and gp247/core are vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of the User-Agent header in the Admin Log Viewer, which allows an attacker to inject malicious scripts that execute in an administrator’s browser when viewing the security log...

5.4CVSS6.7AI score0.00201EPSS
Exploits0References4Affected Software2
EUVD
EUVD
added 2025/11/03 6:31 p.m.7 views

EUVD-2025-37504

A cross-site scripting XSS vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated...

8.7CVSS5.5AI score0.00375EPSS
Exploits3References3
NVD
NVD
added 2025/11/03 4:15 p.m.6 views

CVE-2025-60503

A cross-site scripting XSS vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated...

8.7CVSS0.00375EPSS
Exploits3References2
CVE
CVE
added 2025/11/03 12:0 a.m.38 views

CVE-2025-60503

A cross-site scripting (XSS) vulnerability exists in UltimatePOS 4.8 (admin purchases). User input in the Purchases &gt; reference No. field is reflected in the Admin Log panel without proper escaping, enabling an authenticated attacker to execute JavaScript in an admin session (potential session...

8.7CVSS5.6AI score0.00375EPSS
Exploits3References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/03 12:0 a.m.6 views

CVE-2025-60503

A cross-site scripting XSS vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated...

5.6AI score0.00375EPSS
Exploits3References2
CNNVD
CNNVD
added 2025/11/03 12:0 a.m.9 views

Ultimate Fosters UltimatePOS 安全漏洞

Ultimate Fosters UltimatePOS is a product management and POS cashiering system from Ultimate Fosters. A security vulnerability exists in Ultimate Fosters UltimatePOS version 4.8, which stems from the input submitted by the purchase function in the administration interface is not properly escaped ...

8.7CVSS5.9AI score0.00375EPSS
Exploits3References3
Cvelist
Cvelist
added 2025/11/03 12:0 a.m.18 views

CVE-2025-60503

A cross-site scripting XSS vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated...

0.00375EPSS
Exploits3References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-1562

Malware in sbrugna...

6.1CVSS6.3AI score0.00836EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7569

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00506EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-8125

Malicious code in bioql PyPI...

6.5CVSS9AI score0.00394EPSS
Exploits0References5
Rows per page
Query Builder