Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

OSV
OSVadded 2026/04/03 3:30 p.m.1 views

GHSA-W799-7525-RPR6 Casdoor vulnerable to Stored XSS via Application formCss / formSideHtml

A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the publi...

5.1CVSS4.4AI score0.00028EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/02/25 3:48 a.m.3 views

CVE-2026-27627 Karakeep's Reddit plugin content bypasses DOMPurify sanitization, enabling stored XSS

Karakeep is a elf-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns readableContentHtml, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify,...

8.2CVSS5.3AI score0.00056EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/02/25 12:0 a.m.4 views

repostat 跨站脚本漏洞

“Repostat” is a component used by DenPiligrim’s individual developers to retrieve repository information. Versions of “repostat” prior to 1.0.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the RepoCard component using “dangerouslySetInnerHTML” to render the...

6.1CVSS5.6AI score0.00052EPSS
Exploits1References2
Snyk
Snykadded 2025/09/18 8:4 p.m.5 views

Cross-site Scripting (XSS)

Overview @lobehub/chat is a Lobe Chat - an open-source, high-performance chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are...

7.7CVSS5.6AI score0.00163EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2025/09/18 12:0 a.m.4 views

PT-2025-38409

Name of the Vulnerable Software and Affected Versions Lobe Chat versions prior to 1.129.4 Description Lobe Chat, an open-source artificial intelligence chat framework, contains a cross-site scripting XSS issue in how it handles chat messages. Specifically, when a server response includes a...

7.7CVSS6.6AI score0.00163EPSS
Exploits1References12
OSV
OSVadded 2021/12/10 6:58 p.m.3 views

GHSA-2589-W6XF-983R Cross-site scripting in react-bootstrap-table

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting XSS via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output...

6.1CVSS5.9AI score0.00405EPSS
Exploits1References5
OSV
OSVadded 2021/06/24 3:15 p.m.3 views

CVE-2021-23398

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting XSS via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output...

6.1CVSS6.4AI score
Exploits0References4
Rows per page
Query Builder