Lucene search
K

312 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.6 views

MiracleLinux 7 : gcc-4.8.5-44.0.1.el7.AXS7 (AXSA:2025-9920:15)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9920:15 advisory. CVE-2020-11023: sanitize HTML content passed to DOM manipulation methods to prevent execution of untrusted code CVEs: CVE-2020-11023 In jQuery versions great...

6.9CVSS7.1AI score0.8383EPSS
Exploits6References2
Github Security Blog
Github Security Blog
added 2025/12/19 9:32 p.m.6 views

Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature

Impact Users importing contacts from untrusted sources. Specifically crafted contact data can lead to some of DOM modifications for the link button next to the field e.g. the link address can be overriden. CSS can be manipulated to give the button arbitrary look and change it's size so that any...

6.9AI score
Exploits0References8Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/18 6:46 p.m.11 views

CVE-2025-13537

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Th...

6.4CVSS5.4AI score0.00193EPSS
Exploits0References1
NVD
NVD
added 2025/12/17 7:16 p.m.5 views

CVE-2025-13537

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Th...

6.4CVSS0.00193EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/17 6:21 p.m.26 views

CVE-2025-13537 Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Th...

6.4CVSS0.00193EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.5 views

PT-2025-51860

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user-supplied attributes. Th...

6.4CVSS5.4AI score0.00193EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-14546

Malware in sbrugna...

9.8CVSS9.2AI score0.02665EPSS
Exploits0References17
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2017-14568

Malware in sbrugna...

9.8CVSS9.2AI score0.02567EPSS
Exploits0References17
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-16434

Malware in sbrugna...

6.5CVSS7.8AI score0.00965EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-6262

Malware in sbrugna...

5.3CVSS5.6AI score0.01125EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2016-10687

Malware in sbrugna...

9.8CVSS9.4AI score0.03558EPSS
Exploits1References17
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-14507

Malware in sbrugna...

9.8CVSS9AI score0.01721EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-40664

Malicious code in bioql PyPI...

5.4CVSS6.4AI score0.00624EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-40033

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00624EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/08/19 8:16 p.m.7 views

Mermaid improperly sanitizes sequence diagram labels leading to XSS

Summary In the default configuration of mermaid 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML during calculation of element size, causing XSS. Details Sequence diagram node labels with KaTeX delimiters are passed through calculateMathMLDimensions. This method pass...

5.3CVSS6.1AI score0.0071EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2025/08/19 12:0 a.m.4 views

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

5.4CVSS5.9AI score0.00166EPSS
Exploits0References3
CNVD
CNVD
added 2025/08/11 12:0 a.m.4 views

Google Chrome Input Validation Error Vulnerability

Google Chrome is a free web browser developed by Google. It is the world's largest browser in terms of market share due to its speed, security, simplicity, multi-platform support and built-in privacy protection. Google Chrome suffers from an input validation error vulnerability that stems from...

4.3CVSS6.7AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/05 12:0 a.m.7 views

Google Chrome 输入验证错误漏洞

Google Chrome is a free web browser developed by Google. It is the world's largest browser in terms of market share due to its speed, security, simplicity, multi-platform support and built-in privacy protection. Google Chrome suffers from an input validation error vulnerability that stems from...

4.3CVSS4.5AI score0.00223EPSS
Exploits0References4
NVD
NVD
added 2025/07/16 4:15 p.m.9 views

CVE-2025-46959

Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation ...

5.4CVSS0.00349EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/12 11:22 p.m.6 views

CVE-2025-47049

Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue...

6.1CVSS6AI score0.00276EPSS
Exploits0References1
Rows per page
Query Builder