18 matches found

NVD
added 2026/05/16 4:16 p.m., 27 views

CVE-2021-47955

CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality. Attackers can upload SVG files containing embedded script tags to the browse.php endpoint, which...

5.4 CVSS, 0.00172 EPSS
Exploits: 0, References: 3

CVE
added 2026/05/16 3:26 p.m., 19 views

CVE-2021-47955

CVE-2021-47955 affects CouchCMS 2.2.1 and describes a cross-site scripting vulnerability via SVG file uploads. An authenticated attacker can upload SVG files containing embedded script tags through the file upload functionality, which are then executed in other users’ browsers when the files are ...

5.4 CVSS, 5.9 AI score, 0.00172 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2026/05/16 3:26 p.m., 10 views

CVE-2021-47955 CouchCMS 2.2.1 Cross-Site Scripting via SVG File Upload

CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality. Attackers can upload SVG files containing embedded script tags to the browse.php endpoint, which...

5.4 CVSS, 5.9 AI score, 0.00172 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/05/16 12:0 a.m., 12 views

PT-2026-41452

Name of the Vulnerable Software and Affected Versions CouchCMS version 2.2.1 Description Authenticated attackers can execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality. This occurs when SVG files containing embedded script tags are uploaded to the...

5.4 CVSS, 6.1 AI score, 0.00172 EPSS
Exploits: 0, References: 5

CVE
added 2026/05/11 5:17 p.m., 9 views

CVE-2026-7308

CVE-2026-7308 (Nexus Repository) : An authenticated user with upload permissions can store content that triggers arbitrary JavaScript in the browser of any user visiting the repository HTML index page, via Nexus Repository versions 3.6.0–3.91.x (3.92.0 fixes this). The attack is a stored XSS on t...

5.1 CVSS, 6 AI score, 0.00266 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/05/11 5:17 p.m., 38 views

CVE-2026-7308 Nexus Repository 3 - Stored Cross-Site Scripting (XSS) via HTML Browse Page

An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through versions before 3.92.0. Th...

5.1 CVSS, 0.00266 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/09/05 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-40315

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A limited SQL injection risk was identified in the browse list of users site administration page. CVE-2022-40315 Note that Nessus relies on the presence of the...

9.8 CVSS, 6.4 AI score, 0.0083 EPSS
Exploits: 0, References: 2

CNVD
added 2025/07/21 12:0 a.m., 1 views

jonnys Liquor browse.php file SQL injection vulnerability

jonnys Liquor is a content and management system. jonnys Liquor suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Search in the file /browse.php. An attacker can exploit this vulnerability to execute illeg...

9.8 CVSS, 8.2 AI score, 0.00399 EPSS
Exploits: 1, References: 1

ATTACKERKB
added 2023/12/27 9:15 p.m., 2 views

CVE-2023-43481

An issue in Shenzhen TCL Browser TV Web BrowseHere aka com.tcl.browser 6.65.022dab24cc6231221gp allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivity component...

9.8 CVSS, 6.1 AI score, 0.01059 EPSS
Exploits: 1, References: 2

CNNVD
added 2023/12/27 12:0 a.m., 3 views

TCL BrowseHere Security Breach

Tcl Communication TCL BrowseHere is a video playback browser with a sophisticated interface from TCL Communication China. A security vulnerability exists in TCL BrowseHere version 6.65.022dab24cc6231221gp, which originates from a vulnerability that allows remote attackers to execute arbitrary...

9.8 CVSS, 7.5 AI score, 0.01059 EPSS
Exploits: 1, References: 2

Openbugbounty
added 2017/09/16 4:9 p.m., 11 views

rottentomatoes.com XSS vulnerability

Vulnerable URL: https://www.rottentomatoes.com/browse/dvd-streaming-all/?services=...

6.9 AI score
Exploits: 0

CNVD
added 2017/04/03 12:0 a.m., 3 views

SQL Injection Vulnerability in UReader Digital Library System browse.php Page

UReader Digital Library is a comprehensive platform for providing e-books in original foreign languages. A SQL injection vulnerability exists in the UReader Digital Library browse.php page. The vulnerability is caused by not filtering the 'catid' parameter effectively, whi...

7.8 AI score
Exploits: 0

Openbugbounty
added 2016/07/16 6:25 p.m., 6 views

sevensupergirls.brownpapertickets.com XSS vulnerability

Vulnerable URL: http://sevensupergirls.brownpapertickets.com/browse.html Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check...

6.3 AI score
Exploits: 0

Openbugbounty
added 2016/06/26 10:28 a.m., 17 views

phe-culturecollections.org.uk XSS vulnerability

Vulnerable URL: https://www.phe-culturecollections.org.uk/products/bacteria/browse.jsp?level=1&val1;=Achromobacter%20xylosoxidans%20subsp.%20xylosoxidans=1%22--%3E%3Csvg/onload=;prompt/OPENBUGBOUNTY/;%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017...

6.3 AI score
Exploits: 0

Openbugbounty
added 2016/05/10 7:46 p.m., 17 views

mediatheque.mc XSS vulnerability

Vulnerable URL: http://www.mediatheque.mc/in/faces/browse.xhtml?profile=%3C/title%3E%3C/script/%27-alert%280%29-%27%22-%22--%3E%3Cimg/onerror=%22;alert%28/OPENBUGBOUNTY/%29;%22src=1%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS...

6.3 AI score
Exploits: 0

Openbugbounty
added 2015/09/04 8:43 a.m., 20 views

shopstyle.com XSS vulnerability

Vulnerable URL: http://www.shopstyle.com/browse?fts="...

6.9 AI score
Exploits: 0

Debian CVE
added 2014/11/30 11:0 a.m., 29 views

CVE-2014-8958

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during...

4.3 CVSS, 5.3 AI score, 0.02441 EPSS
Exploits: 0

xssed
added 2008/06/13 12:0 a.m., 13 views

Unfixed XSS vulnerability at www.muslima.com

Security researcher TurKPoweR has submitted on 13/06/2008 a cross-site-scripting (XSS) vulnerability affecting www.muslima.com, which at the time of submission ranked 8354 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/11/2008. It is current...

Exploits: 0, References: 1