Lucene search
K

103 matches found

Cvelist
Cvelist
added 2025/12/05 5:17 p.m.21 views

CVE-2025-34266 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via plugin-config/addins/menus

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds or edits an AddIns menu entry, the label and path values are stored in plugin configuration data and lat...

5.1CVSS0.00182EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/05 5:16 p.m.6 views

CVE-2025-34259 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via devicemap/building

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in the map list UI without HTML sanitzation. An...

5.1CVSS5.1AI score0.00221EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-7087

Malware in sbrugna...

5.4CVSS5.6AI score0.01028EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-11417

Malware in sbrugna...

5.4CVSS5.6AI score0.0062EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-2008

Malware in sbrugna...

4.8CVSS5AI score0.00735EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-17663

Malware in sbrugna...

5.4CVSS5.6AI score0.01853EPSS
Exploits2References5
Cvelist
Cvelist
added 2025/09/22 6:0 a.m.12 views

CVE-2025-9487 Admin and Site Enhancements < 7.9.8 - Authenticated Stored XSS via SVG

The Admin and Site Enhancements ASE WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a malicious SVG containing XSS payloads...

0.00217EPSS
Exploits0References1
CVE
CVE
added 2025/09/11 11:49 a.m.29 views

CVE-2025-40696

CVE-2025-40696 affects Online Fire Reporting System v1.2 (PHPGurukul). The vulnerability is a stored authenticated XSS in /ofrs/reporting.php caused by insufficient validation of POST parameters fullname, location, and message. This could allow an authenticated attacker to craft input that steals...

5.4CVSS5.1AI score0.00193EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/09/04 12:15 p.m.18 views

CVE-2025-41053

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/commonresource...

5.4CVSS0.00162EPSS
Exploits0References1
NVD
NVD
added 2025/09/04 12:15 p.m.7 views

CVE-2025-41048

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/admin...

5.4CVSS0.00162EPSS
Exploits0References1
NVD
NVD
added 2025/09/04 12:15 p.m.5 views

CVE-2025-41040

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datacode', 'datalang0key', 'datalang0value', 'datalang1key' and 'datatitle' parameters in /apprain/developer/language/lipsum.xm...

5.4CVSS0.00162EPSS
Exploits0References1
CVE
CVE
added 2025/09/04 11:14 a.m.14 views

CVE-2025-41058

appRain CMF 4.0.5 is affected by a stored authenticated XSS vulnerability in the /apprain/developer/addons/update/row_manager endpoint. The issue arises from improper validation of user input in the parameters data[Addon][layouts] and data[Addon][layouts_except], enabling an attacker to inject sc...

5.4CVSS5.7AI score0.00162EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/04 11:12 a.m.3 views

CVE-2025-41050 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/baselibs...

5.1CVSS5.7AI score0.00162EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2016-2559

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in the format function in libraries/sql- parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1...

5.4CVSS6.7AI score0.01712EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2017-6814

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.7.3, there is authenticated Cross-Site Scripting XSS via Media File Metadata. This is demonstrated by both 1 mishandling of the playlist...

5.4CVSS5.9AI score0.03016EPSS
Exploits1References2
Patchstack
Patchstack
added 2025/07/30 12:0 a.m.9 views

Drupal GoogleTag Manager module < 1.10.0 - Authenticated Cross Site Scripting (XSS) vulnerability

Authenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module GoogleTag Manager versions 1.10.0...

6.1CVSS6.1AI score0.00217EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/30 5:12 p.m.3 views

CVE-2025-52896 Frappe authenticated XSS via data import

Frappe is a full-stack web application framework. Prior to versions 14.94.2 and 15.57.0, authenticated users could upload carefully crafted malicious files via Data Import, leading to cross-site scripting XSS. This issue has been patched in versions 14.94.2 and 15.57.0. There are no workarounds f...

8.6CVSS5.8AI score0.00241EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 5:16 a.m.9 views

CVE-2023-47658

Auth. ShopManager+ Stored Cross-Site Scripting XSS vulnerability in actpro Extra Product Options for WooCommerce plugin = 3.0.3 versions...

5.9CVSS5.6AI score0.00418EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:19 p.m.14 views

CVE-2020-13980

OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is not a massive issue as you...

5.4CVSS5.6AI score0.02671EPSS
Exploits5
Patchstack
Patchstack
added 2025/04/02 12:0 a.m.6 views

Drupal TacJS module < 6.7.0 - Authenticated Cross Site Scripting (XSS) vulnerability

Authenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module TacJS versions 6.7.0...

4.8CVSS6.1AI score0.0033EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder