Lucene search
K

2811 matches found

RedhatCVE
RedhatCVE
added 2026/05/19 1:58 a.m.12 views

CVE-2026-45665

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. Th...

8.1CVSS5.8AI score0.00322EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/19 12:51 a.m.11 views

EUVD-2026-30822

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogptplatform/backend/backend/blocks/emailblock.py accepts a user-supplied smtpserver string and smtpport integer as...

5CVSS5.9AI score0.00304EPSS
Exploits0References2
Hacker One
Hacker One
added 2026/05/18 8:49 a.m.26 views

Revive Adserver: PHP code injection via unexpected delivery limitation parameter

A vulnerability was reported in Revive Adserver 6.0.6 and earlier versions where user input was not properly validated when saving delivery limitations. This allowed a low-privileged user to inject malicious PHP code into the compiledlimitations field, which could then be executed during banner...

8.8CVSS5.9AI score0.0045EPSS
Exploits1
NVD
NVD
added 2026/05/16 4:16 p.m.13 views

CVE-2020-37237

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner...

6.4CVSS0.00239EPSS
Exploits0References4
CVE
CVE
added 2026/05/16 3:25 p.m.17 views

CVE-2020-37237

Summary : CVE-2020-37237 affects Composr CMS 10.0.34. A persistent cross-site scripting (XSS) flaw exists in the banner management interface, enabling authenticated administrators to inject scripts via the Description field in Add banner. Payloads executed for all visitors when they access the ho...

6.4CVSS5.7AI score0.00239EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/16 3:25 p.m.42 views

CVE-2020-37237 Composr CMS 10.0.34 Persistent Cross-Site Scripting via banners

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner...

6.4CVSS0.00239EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/16 3:25 p.m.10 views

EUVD-2020-31241

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner...

6.4CVSS5.7AI score0.00239EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/16 3:25 p.m.11 views

CVE-2020-37237 Composr CMS 10.0.34 Persistent Cross-Site Scripting via banners

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner...

6.4CVSS5.7AI score0.00239EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:25 p.m.12 views

CVE-2020-37237

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner...

6.4CVSS5.7AI score0.00239EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.13 views

PT-2026-41437

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner...

6.4CVSS5.7AI score0.00239EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.12 views

Ocproducts Composr CMS 跨站脚本漏洞

Ocproducts Composr CMS is an open-source content management system CMS developed by the British company Ocproducts, written in PHP language. Version Ocproducts Composr CMS 10.0.34 has a cross-site scripting vulnerability. This vulnerability stems from a persistent cross-site script in the banner...

6.4CVSS5.6AI score0.00239EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 10:16 p.m.28 views

CVE-2026-45665

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. Th...

8.1CVSS0.00322EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/15 9:42 p.m.53 views

CVE-2026-45665 Open WebUI: Stored XSS in Banner Component via Improper Sanitization Order

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. Th...

8.1CVSS0.00322EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 9:42 p.m.7 views

CVE-2026-45665

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. Th...

8.1CVSS5.8AI score0.00322EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/15 9:42 p.m.31 views

CVE-2026-45665

Open WebUI contains a Stored XSS in the Banner component due to incorrect sanitization order (DOMPurify before marked.parse). The vulnerability allows a compromised administrator to store a payload in the global banner that is rendered for all users, including the Super Admin, enabling privilege ...

8.1CVSS5.8AI score0.00322EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/15 9:42 p.m.18 views

CVE-2026-45665 Open WebUI: Stored XSS in Banner Component via Improper Sanitization Order

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. Th...

8.1CVSS5.8AI score0.00322EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 9:42 p.m.20 views

EUVD-2026-30664

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. Th...

8.1CVSS5.8AI score0.00322EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Open WebUI 跨站脚本漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.0 had a cross-site scripting vulnerability. This vulnerability stemmed from improper cleanup order in the Banner component, leading to storage-based cross-site...

8.1CVSS5.6AI score0.00322EPSS
Exploits1References2
OSV
OSV
added 2026/05/14 8:27 p.m.57 views

GHSA-CQP4-QQVG-3787 Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order

Summary A Stored Cross-Site Scripting XSS vulnerability exists in the Banner component due to an improper sanitization order specifically, DOMPurify is executed before the marked library. This vulnerability allows a compromised or malicious administrator to plant a malicious payload in the global...

8.1CVSS5.8AI score0.00322EPSS
Exploits1References4
Patchstack
Patchstack
added 2026/05/14 8:27 p.m.8 views

NPM: Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order

NPM: Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order vulnerability discovered by ? in WordPress Npm open-webui versions = 0.7.2...

8.1CVSS5.8AI score0.00322EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder