Lucene search
K

357 matches found

EUVD
EUVD
added 2026/03/20 7:34 a.m.5 views

EUVD-2026-13622

exactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescape...

5.8CVSS5.9AI score0.00165EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/19 7:41 p.m.2 views

CVE-2026-32119 OpenEMR has Stored DOM XSS via SearchHighlight text-node reconstruction on Custom Report page

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin library/js/SearchHighlight.js allows an authenticated user with encounter form write access to inject arbitrary...

4.4CVSS5.9AI score0.00156EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/19 7:41 p.m.3 views

CVE-2026-32119

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin library/js/SearchHighlight.js allows an authenticated user with encounter form write access to inject arbitrary...

4.4CVSS5.9AI score0.00156EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/10 12:17 a.m.4 views

CVE-2026-0489 DOM-based Cross-Site Scripting (XSS) Vulnerability in SAP Business One (Job Service)

Due to insufficient validation of user-controlled input in the URLs query parameter. SAP Business One Job Service could allow an unauthenticated attacker to inject specially crafted input which upon user interaction could result in a DOM-based Cross-Site Scripting XSS vulnerability. This issue ha...

6.1CVSS5.8AI score0.00215EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.4 views

CVE-2026-26276

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user selects that Milestone on the New Issue page /issues/new, a DOM-Based XSS is triggered. This issue has been patched in...

7.3CVSS5.7AI score0.00184EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/27 6:31 p.m.6 views

EUVD-2026-9039

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

8.3CVSS5.9AI score0.00366EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/27 12:0 a.m.21 views

CVE-2026-26862

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting XSS via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js lines 56-60 uses the includes method to verify the originUrl contains...

0.00366EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/11 9:23 p.m.3 views

CVE-2026-26023 Client‑side DOM XSS in the web chat app of Dify when using echarts

Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is...

5.3CVSS4.7AI score0.00246EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/11 9:23 p.m.26 views

CVE-2026-26023 Client‑side DOM XSS in the web chat app of Dify when using echarts

Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is...

5.3CVSS0.00246EPSS
Exploits1References3
CVE
CVE
added 2026/02/11 9:23 p.m.20 views

CVE-2026-26023

CVE-2026-26023 affects Dify’s web chat frontend when using echarts prior to version 1.13.0, enabling a client-side DOM XSS via inputs containing a specific JavaScript payload. The vulnerability, exploitable with network access and passive user interaction, has no confidentiality/integrity/availab...

6.1CVSS4.7AI score0.00246EPSS
Exploits1References3Affected Software1
GithubExploit
GithubExploit
added 2026/02/09 10:17 a.m.227 views

Exploit for CVE-2026-25916

CVE-2026-25916: Roundcube Webmail DOM XSS Exploit 📋 Exploi...

4.3CVSS5.8AI score0.00629EPSS
Exploits2
Cvelist
Cvelist
added 2026/02/03 6:5 p.m.32 views

CVE-2026-25482 Craft Commerce has Stored DOM XSS in Order Status Name (Reflects in "Recent Orders" Dashboard Widget)

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The Order Status Name is rendered via JavaScript string concatenation without proper escaping, allowi...

6.2CVSS0.00304EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2026/02/01 2:25 p.m.164 views

VulnRadar

VulnRadar – Web Security Scanner A Chrome extension for web s...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/01/26 7:36 p.m.9 views

EUVD-2025-206336

A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter reflected DOM XSS...

6.1CVSS6AI score0.00337EPSS
Exploits0References3
CVE
CVE
added 2026/01/26 7:36 p.m.22 views

CVE-2025-11687

The CVE-2025-11687 issue affects the gi-docgen library and is confirmed by multiple sources (GHSA advisory, NVD/Red Hat entry, Debian/Amazon Linux advisories). It is a reflected DOM XSS vulnerability where an unescaped q query parameter allows arbitrary JavaScript execution in the page context, e...

6.1CVSS6AI score0.00337EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/26 7:36 p.m.31 views

CVE-2025-11687 Gi-docgen: reflected dom xss in gi-docgen

A flaw was found in the gi-docgen. This vulnerability allows arbitrary JavaScript execution in the context of the page — enabling DOM access, session cookie theft and other client-side attacks — via a crafted URL that supplies a malicious value to the q GET parameter reflected DOM XSS...

6.1CVSS0.00337EPSS
Exploits0References3
CVE
CVE
added 2026/01/12 4:47 a.m.13 views

CVE-2025-69275

The CVE describes a dependency on a vulnerable third-party component in Broadcom DX NetOps Spectrum, affecting version 24.3.9 and earlier, on Windows and Linux. The underlying issue is DOM-Based XSS triggered by the vulnerable component in the product’s runtime environment. Impact is limited to t...

7.1CVSS6.6AI score0.00122EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/12 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-65110

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3,...

9.3CVSS6.3AI score0.00452EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:38 p.m.7 views

CVE-2023-29442

Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS...

6.1CVSS7AI score0.0941EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:0 p.m.7 views

CVE-2018-19048

Simditor through 2.3.21 allows DOM XSS via an onload attribute within a malformed SVG element...

6.1CVSS5.8AI score0.01537EPSS
Exploits1References1
Rows per page
Query Builder