Lucene search
+L

1501 matches found

Cvelist
Cvelist
added 2026/02/10 3:4 a.m.36 views

CVE-2026-24323 Multiple vulnerabilities in BSP Applications of SAP Document Management System

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...

6.1CVSS0.00206EPSS
Exploits0References2
CVE
CVE
added 2026/02/10 3:4 a.m.14 views

CVE-2026-24323

CVE-2026-24323 affects BSP applications of SAP Document Management System. An unauthenticated user can inject malicious script via user-controlled URL parameters that are not sufficiently sanitized, causing script execution in the victim’s browser. Impact is described as low for confidentiality a...

6.1CVSS5.5AI score0.00206EPSS
Exploits0References2Affected Software3
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.12 views

PT-2026-7222

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...

6.1CVSS5.5AI score0.00206EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/05 3:20 a.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the comment field in song metadata. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious content into this field. Details Cross-site scripting or XSS is a...

6.1CVSS5.6AI score0.00297EPSS
Exploits1References3
OSV
OSV
added 2026/02/03 11:15 a.m.6 views

UBUNTU-CVE-2025-67850

A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting XSS, occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions...

7.3CVSS5.9AI score0.00266EPSS
Exploits0References4
CVE
CVE
added 2026/02/03 10:52 a.m.17 views

CVE-2025-67850

CVE-2025-67850 – Moodle XSS via formula editor : Affected component is Moodle, where insufficient validation of user-provided data in the formula editor’s arithmetic expression fields allows a remote attacker to inject malicious code. When other users view these expressions, the script can execut...

7.3CVSS5.6AI score0.00266EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.7 views

PT-2026-4498

Name of the Vulnerable Software and Affected Versions ToDesktop Builder version 0.33.1 Description A reflected cross-site scripting XSS issue exists in ToDesktop Builder. This allows attackers to execute arbitrary code within a user's browser through a specially crafted payload. The issue involve...

5.9CVSS5.4AI score0.00262EPSS
Exploits0References6
Snyk
Snyk
added 2026/01/21 10:46 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rich text fields fields. An attacker can execute arbitrary scripts in the context of other users by injecting malicious HTML content. Details Cross-site scripting or XSS is a code vulnerability that occu...

7.2CVSS6AI score0.00201EPSS
Exploits0References2
NVD
NVD
added 2026/01/20 4:16 p.m.11 views

CVE-2025-36397

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/20 3:23 p.m.23 views

CVE-2025-36397 Security vulnerabilities have been found in IBM Application Gateway

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS0.00162EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.8 views

IBM Application Gateway security vulnerabilities

IBM Application Gateway is an application gateway offered by the American multinational company International Business Machines IBM. It provides a containerized secure web reverse proxy that is designed to be placed before your applications, seamlessly adding authentication and authorization...

5.4CVSS5.9AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/17 2:6 p.m.8 views

CVE-2026-0695

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...

8.7CVSS7.1AI score0.00251EPSS
Exploits0References1
OSV
OSV
added 2026/01/15 9:16 p.m.9 views

CVE-2025-70890

A stored cross-site scripting XSS vulnerability exists in Cyber Cafe Management System v1.0. An authenticated attacker can inject arbitrary JavaScript code into the username parameter via the add-users.php endpoint. The injected payload is stored and executed in the victim s browser when the...

6.1CVSS5.8AI score0.00216EPSS
Exploits2References2
EUVD
EUVD
added 2026/01/14 6:27 p.m.6 views

EUVD-2026-2437

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...

4.8CVSS5.1AI score0.00194EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.6 views

CVE-2025-41003

Imaster's Patient Record Management System contains a stored Cross-Site Scripting XSS vulnerability in the endpoint ‘/projects/hospital/admin/editpatient.php’. By injecting a malicious script into the ‘firstname’ parameter, the JavaScript code is stored and executed every time a user accesses the...

5.1CVSS6.2AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/01 10:28 p.m.8 views

CVE-2025-67708

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS6.7AI score0.00197EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/01 12:31 a.m.5 views

EUVD-2025-206096

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS6.2AI score0.00197EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/01 12:31 a.m.4 views

EUVD-2025-206099

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS6.2AI score0.00197EPSS
Exploits0References2
NVD
NVD
added 2025/12/31 11:15 p.m.11 views

CVE-2025-67704

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS0.00197EPSS
Exploits0References1
NVD
NVD
added 2025/12/31 11:15 p.m.5 views

CVE-2025-67703

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS0.00193EPSS
Exploits0References1
Rows per page
Query Builder