Lucene search
K

1498 matches found

Nuclei
Nuclei
added yesterday160 views

SPIP <3.1.2 - Cross-Site Scripting

SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in validerxml.php which allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action. id: CVE-2016-7981 info: name: SPIP 3.1.2 - Cross-Site Scripting author: pikpikcu severity:...

6.1CVSS6.8AI score0.08216EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday54 views

Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting

Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2019-7219 info: name: Zarafa WebApp =2.0.1.47791 -...

6.1CVSS6.6AI score0.05173EPSS
Exploits0References5
NVD
NVD
added last week7 views

CVE-2026-12948

A stored cross-site scripting XSS vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the...

4.8CVSS0.00269EPSS
Exploits0References1
CVE
CVE
added last week14 views

CVE-2026-12948

The CVE-2026-12948 vulnerability affects the web management interfaces of Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA. It is a stored XSS (CWE-79) that permits a remote, authenticated administrator to inject script into certain system configuration fields; the script can exec...

4.8CVSS5.8AI score0.00269EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 8:19 p.m.31 views

CVE-2025-36321 Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.7CVSS0.00407EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39596

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

6.9CVSS5.7AI score0.00176EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 2:32 p.m.31 views

CVE-2026-57532

Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering...

8.8CVSS0.0033EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 1:16 p.m.4 views

PYSEC-2026-230

Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...

5.3CVSS5.6AI score0.00421EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 8:39 p.m.34 views

CVE-2026-53742 Simple Link Directory through 9.0.4 Stored XSS via Embed Shortcode Attributes

Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML data attributes without escaping in the embedder template. Attackers with contributor access can craft a shortcode attribute that injects an event handler executing in a viewer's browser...

5.4CVSS0.00141EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.10 views

CVE-2026-48301

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.12 views

CVE-2026-34658

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may...

4.8CVSS5.5AI score0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 8:12 a.m.12 views

CVE-2026-48999

Attackers carefully craft malicious scripts, such as JavaScript, and inject them into target systems; when other users access pages containing such malicious content, the scripts are automatically loaded and executed in the victim's browser.Attackers can thereby steal user cookies, hijack session...

5.7CVSS5.9AI score0.00169EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 2:16 p.m.26 views

CVE-2025-40900

An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to...

5.1CVSS0.00201EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 1:17 p.m.11 views

CVE-2025-40900

An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to...

5.1CVSS5.8AI score0.00201EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 1:17 p.m.42 views

CVE-2025-40900 Angular template injection in Reports in Guardian/CMC before 26.1.0

An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to...

5.1CVSS0.00201EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 9:32 p.m.13 views

CVE-2026-44369 CVAT: Stored XSS via annotation guides

CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who is able to create or edit an annotation guide on a task is able to add malicious JavaScript code, which will then run in the browser of anyone who opens this annotation...

8.5CVSS6AI score0.00266EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 9:32 p.m.10 views

EUVD-2026-30186

CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who is able to create or edit an annotation guide on a task is able to add malicious JavaScript code, which will then run in the browser of anyone who opens this annotation...

8.5CVSS6AI score0.00266EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.14 views

PT-2026-40818

Name of the Vulnerable Software and Affected Versions CVAT versions 2.5.0 through 2.63.0 Description An attacker with permissions to create or edit an annotation guide on a task can inject malicious JavaScript code. This code executes in the browser of any user who opens the affected guide,...

8.5CVSS5.9AI score0.00266EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.11 views

CVE-2021-47948

WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during paymen...

5.4CVSS6AI score0.00169EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/10 3:31 p.m.36 views

EUVD-2021-34808

WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text field during paymen...

5.4CVSS6AI score0.00169EPSS
Exploits0References4
Rows per page
Query Builder