Lucene search
K

250 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/04 9:15 p.m.8 views

CVE-2026-14655

A weakness has been identified in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file admin/view-users.php. Executing a manipulation of the argument User can lead to cross site scripting. The attack may be performed from remote. The exploit ha...

4.8CVSS4.1AI score0.00347EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.8 views

PT-2026-55735

Name of the Vulnerable Software and Affected Versions code-projects Assessment Management version 1.0 Description A remote cross-site scripting issue exists in the admin/view-users.php file. This occurs when the User argument is manipulated, allowing an attacker to execute malicious scripts in th...

4.8CVSS5.9AI score0.00347EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54831

Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description Insufficient authorization enforcement occurs in the '/customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure' endpoint. This allows an authenticated user with low privileges to retrieve...

7.1CVSS5.8AI score0.00183EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/23 4:14 p.m.7 views

EUVD-2026-38508

Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in the details field of the userlog table. An admin user viewing the email content through userlog-details.php would have any malicious...

5.8AI score0.00339EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/23 4:14 p.m.38 views

CVE-2026-44956

Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in the details field of the userlog table. An admin user viewing the email content through userlog-details.php would have any malicious...

0.00339EPSS
Exploits1References1
NVD
NVD
added 2026/06/06 2:16 a.m.14 views

CVE-2026-8901

The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This make...

7.2CVSS0.00314EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.14 views

CVE-2026-37593

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfhattendance/admin/viewatt.php...

2.7CVSS5.7AI score0.0019EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 2:28 p.m.41 views

CVE-2026-43984 Tautulli has stored XSS in logFile via guest-controlled log_js_errors input

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose logjserrors to any authenticated user, including guest users when guest access is enabled. The endpoint writes attacker-controlled strings directly into the main application log. The...

8.9CVSS0.00207EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 1:22 p.m.10 views

CVE-2019-25731 Zuz Music 2.1 Persistent Cross-site Scripting via zuzconsole Contact

Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inject script code through the name, subject, and message parameters in POST requests to...

6.1CVSS5.7AI score0.00211EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.21 views

PT-2026-46212

Name of the Vulnerable Software and Affected Versions Zoner Real Estate version 4.1.1 Description A persistent cross-site scripting issue exists where authenticated agents can inject malicious JavaScript payloads through the Address input field during property creation. These scripts execute when...

5.4CVSS4.9AI score0.00171EPSS
Exploits0References7
NVD
NVD
added 2026/06/01 11:16 a.m.16 views

CVE-2026-10249

A vulnerability was identified in itsourcecode Online Blood Bank Management System 1.0. Impacted is an unknown function of the file /admin/viewrequest.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might...

7.5CVSS0.00269EPSS
Exploits0References6
CVE
CVE
added 2026/05/26 4:30 p.m.23 views

CVE-2026-9564

CVE-2026-9564 affects SourceCodester/oretnom23 Hospitals Patient Records Management System 1.0. The vulnerability is located in the unknown function handling the file path /admin/?page=patients/view_patient, where manipulating the argument Remarks triggers a cross-site scripting (XSS) flaw. The i...

4.8CVSS4.4AI score0.00202EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/15 5:38 a.m.12 views

CVE-2026-24662

Cross-site scripting vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a file containing malicious contents is uploaded, an arbitrary script may be executed on a user's web browser when viewing the administration page showing the informati...

5.4CVSS6.1AI score0.00134EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/10 12:12 p.m.40 views

CVE-2022-50949 WordPress Plugin Videos sync PDF 1.7.4 Stored XSS

WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized mov, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers throug...

6.4CVSS0.00191EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.8 views

CVE-2026-5324

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

7.2CVSS6AI score0.00401EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.7 views

CVE-2026-5110

The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping in the SingleProduct field when used inside a Repeater field. When SingleProduct fields are...

7.2CVSS6AI score0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/02 8:27 a.m.33 views

CVE-2026-5324 Brizy – Page Builder <= 2.8.11 - Unauthenticated Stored Cross-Site Scripting via FileUpload Field Value

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

7.2CVSS0.00401EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/02 8:27 a.m.3 views

CVE-2026-5324

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

7.2CVSS6AI score0.00401EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/02 8:27 a.m.6 views

CVE-2026-5324 Brizy – Page Builder <= 2.8.11 - Unauthenticated Stored Cross-Site Scripting via FileUpload Field Value

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

7.2CVSS6AI score0.00401EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.8 views

PT-2026-36594

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

7.2CVSS6AI score0.00401EPSS
Exploits0References9
Rows per page
Query Builder