Lucene search
K

1110469 matches found

NVD
NVD
added 1 hour ago4 views

CVE-2026-11338

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely...

4.8CVSS
Exploits0References6
NVD
NVD
added 1 hour ago4 views

CVE-2026-11337

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboardpage/forms/fetch.php. The manipulation of the argument...

5.3CVSS
Exploits0References6
OSV
OSV
added 2 hours ago1 views

GHSA-HJ85-PH9Q-78JG NocoDB: Stored Cross-Site Scripting via Form View Redirect URL

Summary The shared form-view submit handler in NocoDB writes the form's redirecturl to window.location.href after a same-host check that does not validate the URL scheme. A user with editor role or above on any base can plant a javascript: URL in the form's redirecturl; when an authenticated view...

8.4CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2 hours ago1 views

GHSA-JF3G-4GWG-4H66 NocoDB: Stored Cross-Site Scripting via Row Comments

Summary An authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. Details The comment write paths persisted the raw comment body with no server-side sanitisation; the expanded-form sidebar then rendered...

7.4CVSS5.5AI score
Exploits0References3
GithubExploit
GithubExploit
added 2 hours ago12 views

Exploit for CVE-2024-21182

CVE-2024-21182 - Oracle WebLogic Server Unauthenticated Stored...

7.5CVSS7.6AI score0.89649EPSS
Exploits2
CVE
CVE
added 2 hours ago9 views

CVE-2026-11338

SourceCodester Ship Ferry Ticket Reservation System 1.0 contains a cross-site scripting vulnerability in the /admin/?page=user/manage_user handler, triggered by manipulating the Username parameter. The issue is exploitable remotely and has had exploits publicly disclosed. Affected component: the ...

4.8CVSS3.7AI score
Exploits0References6
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-34856

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely...

4.8CVSS3.8AI score
Exploits0References6
Cvelist
Cvelist
added 2 hours ago7 views

CVE-2026-11338 SourceCodester Ship Ferry Ticket Reservation System manage_user cross site scripting

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely...

4.8CVSS
Exploits0References6
OSV
OSV
added 2 hours ago0 views

GHSA-6XCX-7QMG-VJFQ NocoDB: Reflected Cross-Site Scripting via Password Reset Token

Summary The password-reset page rendered the URL token directly into a JavaScript string literal in a server-rendered EJS template. EJS HTML-entity-encodes a fixed set of characters but does not escape single quotes or backslashes, so a crafted token could break out of the JS string context and...

5.1CVSS
Exploits0References3
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-11337 tittuvarghese CollegeManagementSystem fetch.php cross site scripting

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboardpage/forms/fetch.php. The manipulation of the argument...

5.3CVSS
Exploits0References6
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-34851

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboardpage/forms/fetch.php. The manipulation of the argument...

5.3CVSS4AI score
Exploits0References6
CVE
CVE
added 2 hours ago8 views

CVE-2026-11337

The CVE-2026-11337 entry concerns tittuvarghese CollegeManagementSystem and affects an unknown functionality in /dashboard_page/forms/fetch.php where manipulating the department_name argument triggers cross-site scripting. The description indicates remote exploitation and that an exploit has been...

5.3CVSS4AI score
Exploits0References6
NVD
NVD
added 3 hours ago4 views

CVE-2026-38579

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...

Exploits1References2
GithubExploit
GithubExploit
added 4 hours ago13 views

Exploit for CVE-2026-3300

CVE-2026-3300 - Everest Forms Pro Unauthenticated Stored Cross...

9.8CVSS6.5AI score0.00313EPSS
Exploits1
NVD
NVD
added 4 hours ago2 views

CVE-2026-50231

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

7.2CVSS
Exploits1References2
NVD
NVD
added 4 hours ago2 views

CVE-2026-50230

Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML and JavaScript code through the search parameter. Attackers can craft malicious URLs with JavaScript payloads in the search...

6.1CVSS
Exploits1References2
NVD
NVD
added 4 hours ago3 views

CVE-2026-50232

Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when user...

7.2CVSS
Exploits1References2
NVD
NVD
added 4 hours ago5 views

CVE-2026-50235

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

6.1CVSS
Exploits1References2
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-34834

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

6.1CVSS5.6AI score
Exploits1References2
Vulnrichment
Vulnrichment
added 5 hours ago2 views

CVE-2026-50235 Lyrion Music Server 9.2.0 Reflected XSS via search Parameters

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

6.1CVSS5.6AI score
Exploits1References2
Rows per page
Query Builder