Lucene search
K

2020 matches found

Nuclei
Nuclei
added 5 hours ago119 views

Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting

PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute...

8.8CVSS7AI score0.2389EPSS
Exploits0References5
Nuclei
Nuclei
added 5 hours ago39 views

Zarinpal Paid Download - Reflected XSS

Zarinpal Paid Download WordPress plugin v2.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit requires...

6.1CVSS7AI score0.00571EPSS
Exploits1References2
Nuclei
Nuclei
added 5 hours ago20 views

MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting

paintballrefjosh/MaNGOSWebV4 4.0.8 contains a reflected XSS caused by unsanitized input in install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser, exploit requires victim to visit a maliciously crafted URL id: CVE-2017-6478 info: name: MaNGOSWebV4...

6.1CVSS6.6AI score0.02574EPSS
Exploits6References4
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-57920

Name of the Vulnerable Software and Affected Versions HedgeDoc versions prior to 1.11.0 Description The GitHub Gist export flow fails to properly validate the OAuth2 state value, checking only for its presence instead of verifying it against the user session. This allows an attacker to forge a...

6.8CVSS6.1AI score
Exploits0References4
Snyk
Snyk
added 5 days ago3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper handling of the id parameter in the Bazar widget handler. An attacker can execute arbitrary JavaScript in the victim's browser by crafting a malicious URL that injects attacker-controlled attributes...

6.1CVSS6.2AI score0.00039EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-661 Moderate severity vulnerability that affects mailman

An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site...

6.5CVSS6.1AI score0.02541EPSS
Exploits0References8
ICS
ICS
added 2026/06/25 6:0 a.m.20 views

OHIF Viewers DICOM

ADVISORY SUMMARY Successful exploitation of this vulnerability in a custom integration version could allow an attacker to steal an authenticated clinician's token via a crafted link. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

8.3CVSS6AI score0.00232EPSS
Exploits0References13
OSV
OSV
added 2026/06/24 1:10 p.m.6 views

OESA-2026-2695 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

8.2CVSS5.8AI score0.00622EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 6:0 a.m.17 views

CVE-2026-8172

The CVE-2026-8172 entry concerns the WordPress plugin Simple Basic Contact Form (through 20250114). The issue is a Reflected Cross-Site Scripting vulnerability caused by not escaping user-supplied input before reflecting it in the contact form output on validation errors. Impact described: unauth...

7.1CVSS5.7AI score0.00156EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 6:0 a.m.9 views

EUVD-2026-38418

The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors vi...

7.1CVSS5.7AI score0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 12:56 p.m.22 views

CVE-2026-54221 Reflected XSS in UBB.threads

UBB.threads is vulnerable to Reflected XSS. The application improperly handles user input in certain requests, enabling attackers to execute arbitrary JavaScript in the context of a victim's browser by tricking them into clicking a crafted link. Because vendor contact attempts were unsuccessful,...

5.1CVSS0.00293EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 12:56 p.m.20 views

CVE-2026-54221

UBB.threads is affected by a Reflected XSS vulnerability (CVE-2026-54221). The issue is confirmed in version 7.7.5 and may affect other versions. The vulnerability allows an attacker to execute arbitrary JavaScript in a victim’s browser when the user clicks a crafted link, with user interaction r...

5.1CVSS5.8AI score0.00293EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 10:58 a.m.21 views

CVE-2026-40457

The CVE-2026-40457 entry describes a Reflected XSS in LMS (LAN Management System) prior to commit 9c5651b in the dbrecover.php and netremap.php modules, where unsanitized GET parameters are embedded into HTML output. This enables an attacker to inject arbitrary JavaScript when an authenticated us...

2.1CVSS5.3AI score0.00318EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 4:28 p.m.27 views

CVE-2026-20178

The CVE-2026-20178 issue affects the browser-based Cisco Webex App. Root cause: improper input validation of URL parameters in an HTTP request, enabling an unauthenticated, remote attacker to persuade a user to click a crafted URL and be redirected to a malicious webpage. Impact is limited to use...

4.3CVSS5.6AI score0.00202EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/17 4:28 p.m.24 views

CVE-2026-20178

A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed. This vulnerability existed due to...

4.3CVSS0.00202EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 6:0 a.m.30 views

CVE-2026-8089 weMail < 2.1.3 - Reflected Cross-Site Scripting

The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated...

0.00215EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.6 views

Bosch Security Systems IP Cameras Cross-site Scripting (CVE-2021-23848)

An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting XSS in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user. This plugin only works with...

8.3CVSS6.2AI score0.00554EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49329

Name of the Vulnerable Software and Affected Versions Benjamin Jonard Koillection version 1.8.0 Description An authenticated Server-Side Request Forgery SSRF exists in the custom scraper subsystem component. This allows attackers to scan internal resources by supplying a crafted URL. SSRF is a fl...

8.1CVSS5.9AI score0.00248EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/10 8:39 p.m.35 views

CVE-2026-53736 Easy Twitter Feeds before 1.2.13 Cross-Site Request Forgery via duplicate_post Action

Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicatepost action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type...

5.1CVSS0.00104EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.20 views

PT-2026-48550

Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate post action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type...

5.1CVSS5.3AI score0.00104EPSS
Exploits0References3
Rows per page
Query Builder