CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/28 9:16 p.m.•10 views

CVE-2026-41897

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filtertarget parameter on returndynamicfilters.php normally used as an AJAX in View Issues Page allows an attacker to inject arbitrary HTML if the target is a TEXTAREA custom field. This...

5.3CVSS0.00281EPSS

Exploits0References3

Github Security Blog•added 2026/05/11 7:34 p.m.•9 views

MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values

Improper escaping of a textarea custom field's contents in the Update Issue page bugupdatepage.php allows an attacker to inject HTML and, if CSP settings permit, execute arbitrary JavaScript when the page is loaded. Impact Session theft leading to admin account takeover, full project data access....

5.4CVSS6.8AI score0.0023EPSS

Exploits0References5Affected Software1

OSV•added 2026/05/11 7:34 p.m.•6 views

GHSA-QJ6W-V29Q-4RGX MantisBT is Vulnerable to Stored XSS in Custom Field Textarea Values

5.4CVSS6.1AI score0.0023EPSS

Exploits0References5

Snyk•added 2026/05/11 7:34 p.m.•7 views

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper escaping of textarea custom field contents in the bugupdatepage.php process. An attacker can inject HTML and, if content security policy settings allow,...

5.4CVSS5.8AI score0.0023EPSS

EUVD•added 2026/04/22 9:31 p.m.•5 views

EUVD-2026-22822

Vulnrichment•added 2026/04/15 8:18 a.m.•3 views

Exploits0References3

CVE-2025-40899 Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0

A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the...

8.9CVSS5.8AI score0.00288EPSS

Vulnrichment•added 2026/04/15 1:25 a.m.•2 views

CVE-2026-1541 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference

ATTACKERKB•added 2026/04/15 1:25 a.m.•4 views

CVE-2026-1541

CVE•added 2026/04/15 1:25 a.m.•7 views

Exploits0References3

CVE-2026-1541

The CVE concerns the Avada (Fusion) Builder WordPress plugin, affected up to version 3.15.1. The root cause is that fusion_get_post_custom_field() does not validate whether metadata keys are underscore-prefixed, enabling authenticated users with Subscriber-level access and above to expose protect...

Positive Technologies•added 2026/04/15 12:0 a.m.•5 views

PT-2026-32995

The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusion get post custom field function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...

RedhatCVE•added 2026/03/26 3:8 p.m.•3 views

CVE-2026-2512

The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due to the plugin's sanitization function seccheckpostfields only running on the savepost hook, while WordPress allows custom fields t...

6.4CVSS6AI score0.00198EPSS

RedhatCVE•added 2026/03/26 3:2 p.m.•9 views

CVE-2026-32698

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 are vulnerable to an SQL injection attack via a custom field's name. When that custom field was used in a Cost Report, the custom field's name was injected into the SQL query...

9.1CVSS6.2AI score0.00269EPSS

NVD•added 2026/03/18 10:16 p.m.•3 views

CVE-2026-32698

9.1CVSS0.00269EPSS