Lucene search
K

2809 matches found

NVD
NVD
added 2026/06/09 8:16 p.m.12 views

CVE-2026-47106

Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding...

5.4CVSS0.00196EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 8:16 p.m.16 views

CVE-2026-32856

Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting unsanitized input through the toDateFormat request parameter in the...

6.1CVSS0.0022EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 7:15 p.m.11 views

EUVD-2026-35796

Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding...

5.4CVSS5.3AI score0.00196EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 7:15 p.m.32 views

CVE-2026-47106 Ellucian Banner Self-Service Stored XSS via getFacultyMeetingTimes API

Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding...

5.4CVSS0.00196EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 7:15 p.m.20 views

CVE-2026-47106

CVE-2026-47106 affects Ellucian Banner Self-Service prior to the April T2 release. The issue is a stored cross-site scripting (XSS) vulnerability in the course search functionality caused by missing HTML encoding during DOM insertion. Malicious JavaScript can be stored in fields such as faculty d...

5.4CVSS5.6AI score0.00196EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 7:15 p.m.11 views

CVE-2026-47106 Ellucian Banner Self-Service Stored XSS via getFacultyMeetingTimes API

Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding...

5.4CVSS5.6AI score0.00196EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 7:14 p.m.93 views

CVE-2026-32856

Ellucian Banner Self-Service (before the April T2 release, 2025-04-23) contains a reflected XSS flaw in the dateConverter endpoint’s toDateFormat parameter. An unauthenticated attacker can craft a malicious URL to inject unsanitized input, causing the victim’s browser to execute arbitrary JavaScr...

6.1CVSS5.6AI score0.0022EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 7:14 p.m.15 views

EUVD-2026-35795

Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting unsanitized input through the toDateFormat request parameter in the...

6.1CVSS5.6AI score0.0022EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 7:14 p.m.38 views

CVE-2026-32856 Ellucian Banner Self-Service Reflected XSS via dateConverter

Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting unsanitized input through the toDateFormat request parameter in the...

6.1CVSS0.0022EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 7:14 p.m.9 views

CVE-2026-32856 Ellucian Banner Self-Service Reflected XSS via dateConverter

Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting unsanitized input through the toDateFormat request parameter in the...

6.1CVSS5.6AI score0.0022EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-48219

Name of the Vulnerable Software and Affected Versions Ellucian Banner Self-Service versions prior to April T2 release 2025-04-23 Description A reflected cross-site scripting issue exists where unauthenticated attackers can execute arbitrary JavaScript in a victim's browser. This is achieved by...

6.1CVSS5.2AI score0.0022EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

Ellucian Banner Self-Service 跨站脚本漏洞

Ellucian Banner Self-Service is a higher education self-service platform developed by the American company Ellucian. Versions of Ellucian Banner Self-Service prior to 2025-04-23 had a cross-site scripting vulnerability. This vulnerability stemmed from the course search function not being...

5.4CVSS4.9AI score0.00196EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-48222

Name of the Vulnerable Software and Affected Versions Ellucian Banner Self-Service versions prior to 2025-04-23 Description The course search functionality contains a stored cross-site scripting issue. Authenticated Banner ERP users with write access can inject malicious JavaScript into faculty a...

5.4CVSS5.3AI score0.00196EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Ellucian Banner Self-Service 跨站脚本漏洞

Ellucian Banner Self-Service is a higher education self-service platform developed by the American company Ellucian. Versions of Ellucian Banner Self-Service prior to 2025-04-23 had a cross-site scripting vulnerability. This vulnerability stemmed from the lack of proper cleaning of the input...

6.1CVSS5.4AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-36358

Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function...

5.4CVSS6AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.8 views

CVE-2026-44240

basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before...

7.5CVSS5.7AI score0.00465EPSS
Exploits0References1
Debian
Debian
added 2026/05/30 2:38 p.m.19 views

[BSA-135] Security Update for exim4

Andreas Metzler uploaded new packages for exim4 which fixed the following security problems: CVE-2026-48840 PROXYv2 parser: reject PROXY frames whose declared payload length is too short for the claimed address family 12 bytes for TCPv4/0x11, 36 bytes for TCPv6/0x21. Previously a frame with...

5.3CVSS5.7AI score0.00264EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43495

The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmac campaigns action function. This makes it...

4.3CVSS5.9AI score0.00128EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/19 1:58 a.m.12 views

CVE-2026-45665

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. Th...

8.1CVSS5.8AI score0.00322EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/19 12:51 a.m.11 views

EUVD-2026-30822

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogptplatform/backend/backend/blocks/emailblock.py accepts a user-supplied smtpserver string and smtpport integer as...

5CVSS5.9AI score0.00304EPSS
Exploits0References2
Rows per page
Query Builder