Lucene search
K

1119252 matches found

Cvelist
Cvelist
added 10 hours ago4 views

CVE-2026-61453 Grav before 2.0.1 XSS via Twig String Concatenation

Grav v2.0.0 contains a cross-site scripting vulnerability fixed in 2.0.1. The XSS blueprint validator Security::detectXss runs on raw page content before Twig processing. When Twig content processing is enabled twigcontent.processenabled: true, an attacker with page-write API permission can use...

6.1CVSS
Exploits0References2
EUVD
EUVD
added 10 hours ago5 views

EUVD-2026-44650

Grav v2.0.0 contains a cross-site scripting vulnerability fixed in 2.0.1. The XSS blueprint validator Security::detectXss runs on raw page content before Twig processing. When Twig content processing is enabled twigcontent.processenabled: true, an attacker with page-write API permission can use...

6.1CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added 10 hours ago5 views

CVE-2026-56398 Open WebUI - Stored Cross-Site Scripting via OAuth Picture Claim SVG Data URI

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...

8.5CVSS
Exploits0References2
EUVD
EUVD
added 10 hours ago6 views

EUVD-2026-44628

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...

8.5CVSS6.2AI score
Exploits0References2
NVD
NVD
added 11 hours ago6 views

CVE-2026-57833

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...

8.6CVSS
Exploits0References1
NVD
NVD
added 11 hours ago7 views

CVE-2026-58077

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS. A specially crafted unauthenticated request may result in website takeover under some circumstances...

8.7CVSS
Exploits0References1
RedhatCVE
RedhatCVE
added 11 hours ago5 views

CVE-2026-49459

A flaw was found in DOMPurify, a library designed to sanitize HTML, MathML, and SVG to prevent cross-site scripting XSS attacks. A remote attacker could exploit a vulnerability in the DOMPurify.sanitize function when used with the INPLACE: true option. This flaw allows an attacker to bypass the...

6.1CVSS6.2AI score0.00042EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 11 hours ago4 views

CVE-2026-49458

A flaw was found in DOMPurify, a tool designed to prevent cross-site scripting XSS attacks by sanitizing HTML, MathML, and SVG content. When processing certain types of web page elements, DOMPurify failed to properly identify and sanitize malicious code. This oversight could allow an attacker to...

6.1CVSS6.1AI score0.00055EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 11 hours ago5 views

CVE-2026-47423

A flaw was found in DOMPurify, a DOM-only cross-site scripting XSS sanitizer. Due to the default allowance of selectedcontent, a remote attacker could craft a malicious payload that, after initial sanitization, could be re-cloned by browsers, leading to the execution of unsanitized markup. This...

8.2CVSS6.1AI score0.00035EPSS
Exploits0References6
CVE
CVE
added 12 hours ago8 views

CVE-2026-58077

CVE-2026-58077 affects the Joomla extension 4Analytics (weeblr.com) prior to version 5.0.2. It describes an unauthenticated stored XSS vulnerability, where a specially crafted unauthenticated request can lead to website takeover under certain conditions. The provided documents identify the vulner...

8.7CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 12 hours ago5 views

EUVD-2026-44602

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS. A specially crafted unauthenticated request may result in website takeover under some circumstances...

8.7CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 12 hours ago9 views

CVE-2026-57833 Joomla Extension - weeblr.com - Unauthenticated stored XSS in 4Analytics < 5.0.2

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...

8.6CVSS
Exploits0References1
CVE
CVE
added 12 hours ago8 views

CVE-2026-57833

The CVE affects the Joomla extension 4Analytics for weeblr.com, with an unauthenticated stored XSS vulnerability in the AI analysis feature present in versions prior to 5.0.2. The underlying issue is a stored XSS in the AI analysis workflow, leading to high impact on confidentiality, integrity, a...

8.6CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 12 hours ago4 views

EUVD-2026-44601

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...

8.6CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 17 hours ago9 views

Dashy <= 4.3.6 - Reflected XSS via Workspace

Dashy versions up to 4.3.6 contain a reflected cross-site scripting vulnerability in the workspace view. The url query parameter is passed directly to an iframe src attribute without scheme validation, allowing an attacker to inject javascript: URIs that execute arbitrary JavaScript in the contex...

3.9CVSS6.2AI score0.00255EPSS
Exploits0References2
Nuclei
Nuclei
added 17 hours ago7 views

WP Extended < 3.0.0 - Stored Cross-Site Scripting

The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

7.1CVSS6.2AI score0.0063EPSS
Exploits0References4
Nuclei
Nuclei
added 17 hours ago12 views

Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting

Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting XSS via the langcode parameter in /help/systop.jsp and /help/top.jsp. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2025-2712 info: name: Yonyou UFIDA ERP-NC V5.0 -...

6.1CVSS6.1AI score0.0079EPSS
Exploits1References1
Nuclei
Nuclei
added 17 hours ago100 views

Cacti - Cross-Site Scripting

Cacti contains a cross-site scripting vulnerability via "http:///authchangepassword.php?ref=alert1" which can successfully execute the JavaScript payload present in the "ref" URL parameter. id: CVE-2021-26247 info: name: Cacti - Cross-Site Scripting author: dhiyaneshDK severity: medium descriptio...

6.1CVSS6.4AI score0.07124EPSS
Exploits0References4
Nuclei
Nuclei
added 17 hours ago7 views

WPBot <= 8.4.9 - Cross-Site Scripting

WPBot = 8.4.9 is vulnerable to stored cross-site scripting via the conversation parameter in the qcldwbchatbotconversationsave AJAX action. The AJAX nonce qcsecretbotnonceval123qc is publicly emitted on every frontend page via wplocalizescript under the ajaxnonce key, making it freely obtainable ...

7.2CVSS6.1AI score0.00524EPSS
Exploits0References2
Nuclei
Nuclei
added 17 hours ago34 views

Sender by BestWebSoft < 1.2.1 - Cross-Site Scripting

The sender plugin before 1.2.1 for WordPress has multiple XSS issues. id: CVE-2017-18564 info: name: Sender by BestWebSoft 1.2.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The sender plugin before 1.2.1 for WordPress has multiple XSS issues. impact: | Authenticat...

6.1CVSS6.4AI score0.0139EPSS
Exploits1References4
Rows per page
Query Builder