Lucene search
+L

105 matches found

RedhatCVE
RedhatCVE
added 2025/10/03 12:45 a.m.7 views

CVE-2025-56379

A stored cross-site scripting XSS vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the content field...

5.6AI score0.00382EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2025/10/03 12:0 a.m.485 views

📄 ERPNext 15.67.0 / Frappe 15.72.4 Cross Site Scripting

ERPNext version 15.67.0 and Frappe version 15.72.4 suffer from a persistent cross site scripting vulnerability. CVE-2025-56379 — Stored Cross-Site Scripting XSS in ERPNext 15.67.0 / Frappe 15.72.4 📌 Summary A stored Cross‑Site Scripting XSS vulnerability exists in the Blog module of ERPNext...

5.4CVSS6.4AI score0.00382EPSS
Exploits2
NVD
NVD
added 2025/10/02 2:15 p.m.8 views

CVE-2025-56379

A stored cross-site scripting XSS vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the content field...

5.4CVSS0.00382EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2025/10/02 12:0 a.m.2 views

CVE-2025-56379

A stored cross-site scripting XSS vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the content field...

5.2AI score0.00382EPSS
Exploits2References4
CVE
CVE
added 2025/10/02 12:0 a.m.33 views

CVE-2025-56379

CVE-2025-56379: A stored XSS in ERPNext v15.67.0 blog module (Frappe v15.72.4) via the blog post content field. An authenticated user who can create/edit posts can inject crafted HTML/JS; payload is stored and can execute in other users’ browsers viewing the post. Affected components: ERPNext Blo...

5.4CVSS5.2AI score0.00382EPSS
Exploits2References4Affected Software2
Cvelist
Cvelist
added 2025/10/02 12:0 a.m.12 views

CVE-2025-56379

A stored cross-site scripting XSS vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the content field...

0.00382EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2025/10/02 12:0 a.m.13 views

PT-2025-40352

Name of the Vulnerable Software and Affected Versions ERPNEXT version 15.67.0 Description A stored cross-site scripting XSS issue exists in the blog post feature. An attacker can inject a crafted payload into the content field, potentially leading to the execution of arbitrary web scripts or HTML...

5.4CVSS5.6AI score0.00382EPSS
Exploits2References7
OSV
OSV
added 2025/10/02 12:0 a.m.8 views

CVE-2025-56379

A stored cross-site scripting XSS vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the content field...

5.4CVSS5.7AI score0.00382EPSS
Exploits2References6
Vulnrichment
Vulnrichment
added 2025/09/08 9:19 p.m.3 views

CVE-2025-58365 XWiki Blog Application: Privilege Escalation (PR) from account through blog content

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Prior to version 9.14, the blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit their own user...

8.7CVSS7.5AI score0.00533EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/08 12:0 a.m.4 views

PT-2025-36622

Impact The blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit their own user profile. To exploit, it is sufficient to add an object of type Blog.BlogPostClass to any page and to add some...

8.7CVSS7.9AI score
Exploits0References5
OSV
OSV
added 2025/08/23 6:30 a.m.5 views

GHSA-H8GX-4HHM-W45V Liferay Portal stored cross-site scripting in text field of the web content structure

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject...

6.9CVSS5.5AI score0.00181EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 6:27 a.m.7 views

CVE-2024-51026

The NetAdmin IAM system version 4.0.30319 has a Cross Site Scripting XSS vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field...

5.4CVSS5.9AI score0.00347EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:38 p.m.9 views

CVE-2021-35415

A stored cross-site scripting XSS vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields...

4.8CVSS5.5AI score0.00894EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:50 a.m.8 views

CVE-2018-10422

An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field...

4.8CVSS5.7AI score0.00534EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/02/28 12:0 a.m.6 views

PT-2025-9093 · Cyberark · Cyberark Endpoint Privilege Manager

Name of the Vulnerable Software and Affected Versions: CyberArk Endpoint Privilege Manager version 24.7.1 Description: The issue allows for HTML code injection into the page content through the content field in the Application definition page. The estimated number of potentially affected devices...

7.3CVSS6.8AI score0.00589EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/02/14 12:3 a.m.10 views

CVE-2024-35621

A cross-site scripting XSS vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field...

4.8CVSS5.6AI score0.00271EPSS
Exploits0References3
NVD
NVD
added 2024/11/11 9:15 p.m.28 views

CVE-2024-51026

The NetAdmin IAM system version 4.0.30319 has a Cross Site Scripting XSS vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field...

5.4CVSS0.00347EPSS
Exploits0References1
CVE
CVE
added 2024/11/11 12:0 a.m.61 views

CVE-2024-51026

CVE-2024-51026 affects NetAdmin IAM system v4.0.30319. The vulnerability is a Cross Site Scripting (XSS) issue in the /BalloonSave.ashx endpoint, where an attacker can inject a payload into the Content field. Affected component: BalloonSave.ashx handling in NetAdmin IAM; root cause: unsanitized C...

5.4CVSS5.9AI score0.00347EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/11 12:0 a.m.12 views

CVE-2024-51026

The NetAdmin IAM system version 4.0.30319 has a Cross Site Scripting XSS vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field...

6AI score0.00347EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/11 12:0 a.m.7 views

PT-2024-34493 · Unknown · Netadmin Iam System

Name of the Vulnerable Software and Affected Versions: NetAdmin IAM system version 4.0.30319 Description: The issue concerns a Cross Site Scripting XSS vulnerability. It affects the "/BalloonSave.ashx" endpoint, where a malicious payload can be injected into the Content field. Recommendations: Fo...

5.4CVSS6.2AI score0.00347EPSS
Exploits0References4
Rows per page
Query Builder