Lucene search
K

19 matches found

NVD
NVD
added 3 days ago5 views

CVE-2026-13114

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info in all versions up to, and including, 1.4.112 due to insufficient input sanitization and output escaping. This makes it possibl...

7.2CVSS0.00247EPSS
Exploits0References8
CVE
CVE
added 3 days ago11 views

CVE-2026-13114

CVE-2026-13114 affects the Motors – Car Dealership & Classified Listings Plugin for WordPress, vulnerable to an unauthenticated Stored Cross-Site Scripting (XSS) via Comment Content and User Biographical Info in all versions up to 1.4.112. The flaw arises from insufficient input sanitization and ...

7.2CVSS6.2AI score0.00247EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-13114 Motors <= 1.4.112 - Unauthenticated Stored Cross-Site Scripting via Comment Content and User Biographical Info

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info in all versions up to, and including, 1.4.112 due to insufficient input sanitization and output escaping. This makes it possibl...

7.2CVSS0.00247EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 3 days ago10 views

PT-2026-57376

Name of the Vulnerable Software and Affected Versions Motors – Car Dealership & Classified Listings Plugin versions prior to 1.4.113 Description Insufficient input sanitization and output escaping allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS. This occurs when arbitra...

7.2CVSS6.2AI score0.00247EPSS
Exploits0References12
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42509

The WP DSGVO Tools GDPR WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export including name, postal address, pho...

5.3CVSS6AI score0.00193EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 3:27 p.m.12 views

CVE-2026-44664 fast-xml-builder: Comment Value bypass regex

fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and...

6.1CVSS5.9AI score0.00238EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/05/08 2:22 a.m.10 views

SUSE CVE-2026-41650

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...

6.1CVSS5.7AI score0.00238EPSS
Exploits1References3
NVD
NVD
added 2026/05/07 3:16 p.m.17 views

CVE-2026-41650

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...

6.1CVSS0.00238EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/05/07 1:36 p.m.8 views

CVE-2026-41650

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...

6.1CVSS5.7AI score0.00238EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/05/07 1:36 p.m.8 views

CVE-2026-41650

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...

6.1CVSS5.7AI score0.00238EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/03/13 7:54 p.m.4 views

CVE-2026-22191

Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by...

5.2CVSS0.00362EPSS
Exploits0References5
CVE
CVE
added 2026/03/13 1:18 a.m.33 views

CVE-2026-22191

Beghelli Sicuro24 SicuroWeb is affected by an AngularJS 1.5.2-based template injection chain that can lead to arbitrary JavaScript execution in operator browser sessions. The root cause is improper handling of untrusted input in AngularJS template contexts, combined with an end-of-life AngularJS ...

5.2CVSS6.1AI score0.00362EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/13 1:18 a.m.32 views

CVE-2026-22191 Beghelli Sicuro24 SicuroWeb AngularJS Template Injection

Beghelli Sicuro24 SicuroWeb contains a template injection vulnerability that allows attackers to inject arbitrary AngularJS expressions by exploiting improper rendering of untrusted input in AngularJS template contexts. Attackers can inject malicious expressions that are compiled and executed by...

5.2CVSS0.00362EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/29 12:0 a.m.2 views

CVE-2025-65442

DOM-based Cross-Site Scripting XSS vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information e.g., user session cookies via a crafted "wvstest" parameter in the URL or malicious script injection into window.localStorage...

5.5AI score0.00291EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.4 views

NodCMS 跨站脚本漏洞

NodCMS is a free, multi-language, simple and powerful CMS based on CodeIgniter4 by Mojtaba Individual Developers. A cross-site scripting vulnerability exists in khodakhah NodCMS version 3.4.1, which stems from the parameter commentname/commentcontent in the file /en/blog-comment-4 that leads to...

6.1CVSS4.2AI score0.0045EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.6 views

AeroCMS 跨站脚本漏洞

AeroCMS is a content management system from the American company AeroCMS. AeroCMS version v0.0.1 suffers from a cross-site scripting vulnerability that stems from the commentauthor and commentcontent parameters of /post.php failing to properly validate user input. An attacker can exploit this...

5.4CVSS6AI score0.00384EPSS
Exploits1References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/13 9:6 a.m.3 views

BookStack vulnerable to cross-site scripting

Overview BookStack contains a cross-site scripting vulnerability CWE-79. Kenichi Okuno of Mitsui Bussan Secure Directions, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be...

6.3CVSS6.2AI score0.00782EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/13 12:0 a.m.69 views

JVN#41035278: BookStack vulnerable to cross-site scripting

BookStack contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update the software to the latest version according to the information provided by the developer. The developer states as follows; Aft...

6.3CVSS5.4AI score0.00782EPSS
Exploits0
OSV
OSV
added 2019/03/14 4:29 p.m.5 views

DEBIAN-CVE-2019-9787

WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS...

8.8CVSS8.5AI score0.4375EPSS
Exploits4References1
Rows per page
Query Builder