Lucene search
K

66 matches found

Cvelist
Cvelist
added 2026/01/13 10:51 p.m.22 views

CVE-2022-50905 e107 CMS v3.2.1 - Reflected XSS via Comment Flow

e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting XSS attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code...

9.8CVSS0.00574EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/23 12:30 a.m.4 views

EUVD-2025-204761

wb2osz/direwolf Dire Wolf versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the APRS MIC-E decoder function aprsmice located in src/decodeaprs.c. When processing a specially crafted AX.25 frame containing a MIC-E message with an empty or...

8.7CVSS6.2AI score0.00424EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.5 views

CVE-2025-51962

A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...

6.1CVSS6.8AI score0.00184EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/18 6:58 a.m.7 views

CVE-2025-9501

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the parsedynamicmfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...

9CVSS8AI score0.19638EPSS
Exploits1References1
OSV
OSV
added 2025/10/23 12:0 a.m.4 views

CVE-2025-60859

Cross Site Scripting XSS vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted cid parameter in bbs/viewcomment.php...

6.1CVSS6.6AI score0.00258EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-28814

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.01082EPSS
Exploits1References1
NVD
NVD
added 2025/10/01 6:15 a.m.8 views

CVE-2025-9512

The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handles HTML tag attribute modifications, making it possible for unauthenticated attackers to conduct Stored XSS attacks via post comments...

6.1CVSS0.00197EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-24585

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stored cross-site scripting XSS vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or...

5.4CVSS5.7AI score0.00753EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-39918

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starti...

4.3CVSS5AI score0.00738EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 11:57 p.m.8 views

CVE-2022-23889

The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments...

5.3CVSS6.8AI score0.01082EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/06 12:0 a.m.6 views

PT-2025-19959 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: SeaCMS version 13.3 Description: A SQL injection issue was discovered in the admin comment news.php component. Recommendations: For SeaCMS version 13.3, update to a version that fixes the SQL injection vulnerability in the admin comment...

9.8CVSS7.3AI score0.00406EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/01/13 12:0 a.m.4 views

Apache CloudStack 安全漏洞

Apache CloudStack is a suite of Infrastructure-as-a-Service IaaS cloud computing platforms from the Apache USA Foundation. The platform is primarily used to deploy and manage large networks of virtual machines. A security vulnerability exists in Apache CloudStack version 4.16.0 that stems from th...

4.3CVSS6.5AI score0.01912EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/08/21 12:0 a.m.5 views

The vulnerability in the implementation of the deleteComment method in the comments module of the CMS system Netcat allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the deleteComment method in the comments module of the CMS system Netcat is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to the protected information...

9.1CVSS5.6AI score
Exploits0References1Affected Software1
OSV
OSV
added 2024/03/07 12:15 p.m.1 views

CVE-2024-28228

In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible...

5.3CVSS5.9AI score0.00483EPSS
Exploits0References1
OSV
OSV
added 2024/02/19 5:15 p.m.1 views

UBUNTU-CVE-2024-25983

Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available e.g., on their profile page...

5.3CVSS5.8AI score0.00602EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/02/12 12:0 a.m.5 views

WordPress Plugin Honeypot for WP Comment Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

7.1CVSS6AI score0.00331EPSS
Exploits0References2
Nextcloud
Nextcloud
added 2024/01/18 8:37 a.m.62 views

Self XSS when sending HTML as a comment in the Deck app

None...

5.4CVSS5.5AI score0.00505EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/09/07 10:15 p.m.10 views

CVE-2023-41161

Multiple stored cross-site scripting XSS vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab...

5.4CVSS5.8AI score0.00397EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.4 views

SAP Application Interface Framework 跨站脚本漏洞

SAP Application Interface Framework SAP AIF is an application interface framework from SAP, Germany. A security vulnerability exists in SAP Application Interface Framework ODATA service versions 600 and 700, which allows an authorized attacker to enter a link or title with custom CSS classes into...

5.4CVSS5.7AI score0.00324EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:0 a.m.4 views

SUSE CVE-2016-5704

Cross-site scripting XSS vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment...

6.1CVSS6AI score0.01644EPSS
Exploits0References3
Rows per page
Query Builder