Lucene search
K

4 matches found

Nuclei
Nuclei
added 15 hours ago7 views

WPBot <= 8.4.9 - Cross-Site Scripting

WPBot = 8.4.9 is vulnerable to stored cross-site scripting via the conversation parameter in the qcldwbchatbotconversationsave AJAX action. The AJAX nonce qcsecretbotnonceval123qc is publicly emitted on every frontend page via wplocalizescript under the ajaxnonce key, making it freely obtainable ...

7.2CVSS6.1AI score0.00524EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/20 3:15 a.m.47 views

CVE-2026-6600 langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting

A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site...

5.1CVSS0.00195EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.6 views

PT-2026-33706

A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site...

5.1CVSS3.9AI score0.00195EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.18 views

PT-2026-41164

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.5 Description Scripts can be injected and executed through the HTML rendering view. The frontend includes a function to visualize HTML content of a chat by embedding it in an iFrame. However, the use of the...

7.7CVSS5.9AI score0.00217EPSS
Exploits1References13
Rows per page
Query Builder