Lucene search
K

13 matches found

CVE
CVE
added 5 days ago9 views

CVE-2026-60120

Bagisto CVE-2026-60120 affects Bagisto before 2.4.4. It is a stored XSS via client-side template injection: an unauthenticated attacker registers a customer with malicious payload in the first or last name, causing the Create Order page to render in administrator browsers and execute arbitrary Ja...

5.4CVSS6.1AI score0.00201EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 2:50 p.m.37 views

CVE-2026-41576 Ajax30/BraveCMS-2.0: Stored HTML Injection in Contact Email via nl2br() and Unescaped Blade Template

Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible no authentication required. User-supplied message text is passed through PHP's nl2br function, which converts newlines to tags but does not escape HTML. The resulting string is then passed to a Blade...

7.1CVSS0.00271EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.14 views

PT-2026-36484

Name of the Vulnerable Software and Affected Versions V2Board versions prior to 1.7.5 Description Cross-Site Scripting XSS occurs when the custom html field in the theme configuration is rendered using unescaped Blade output in the 'public/theme/v2board/dashboard.blade.php' file. An administrator...

6.9CVSS6AI score0.00191EPSS
Exploits1References5
NVD
NVD
added 2026/03/20 8:16 a.m.12 views

CVE-2026-33061

Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescap...

5.8CVSS0.00165EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/20 7:34 a.m.3 views

CVE-2026-33061 Jexactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template

Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescap...

5.8CVSS5.9AI score0.00165EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/20 7:34 a.m.23 views

CVE-2026-33061 Jexactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template

Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescap...

5.8CVSS0.00165EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 7:34 a.m.5 views

CVE-2026-33061 Jexactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template

Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescap...

5.8CVSS5.9AI score0.00165EPSS
Exploits1References4
CVE
CVE
added 2026/03/20 7:34 a.m.15 views

CVE-2026-33061

CVE-2026-33061 affects Jexactyl (previously named Exactyl), a configurable game management panel and billing system. The issue arises from injecting server-side objects into client-side JavaScript via resources/views/templates/wrapper.blade.php, where unescaped {!! json_encode(...) !!} is used wi...

5.8CVSS5.9AI score0.00165EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.8 views

PT-2026-26575

exactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescape...

5.8CVSS5.9AI score0.00165EPSS
Exploits1References3
CVE
CVE
added 2026/03/19 9:35 p.m.15 views

CVE-2026-32754

FreeScout (Laravel) versions ≤ 1.8.208 are affected by a Stored XSS in email notification templates. Incoming email bodies are stored and rendered unescaped with Blade's raw output {!! $thread->body !!}, enabling an attacker to inject HTML/JS via a sent email that can execute when recipients (...

9.3CVSS5.9AI score0.00527EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/06/17 2:15 p.m.3 views

CVE-2024-37621

StrongShop v1.0 was discovered to contain a Server-Side Template Injection SSTI vulnerability via the component /shippingOptionConfig/index.blade.php...

7.2CVSS5.8AI score0.00693EPSS
Exploits1References2
CNVD
CNVD
added 2021/12/09 12:0 a.m.21 views

Laravel Framework Cross-Site Scripting Vulnerability

Laravel Framework is a PHP-based web application development framework by Taylor Otwell, a personal developer.Laravel Framework has a cross-site scripting vulnerability that can be exploited by attackers to perform xss attacks through the Blade template engine...

6.1CVSS2.3AI score0.00799EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/12/08 12:0 a.m.7 views

Laravel Framework 加密问题漏洞

Laravel Framework is a PHP-based web application development framework by Taylor Otwell, a personal developer.Laravel Framework has a cross-site scripting vulnerability that can be exploited by attackers to perform xss attacks through the Blade template engine...

6.1CVSS5.2AI score0.00799EPSS
Exploits1References10
Rows per page
Query Builder