Lucene search
K

22 matches found

CVE
CVE
added yesterday4 views

CVE-2026-53963

Discourse (open‑source discussion platform) has a stored XSS in the delete confirmation dialog for a malicious second factor name on an attacker‑controlled account. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, this name was not escaped, enabling XSS when an administrator impersonates that...

7.3CVSS5.8AI score
Exploits0References9
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-53963

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-site scripting when an administrator impersonated that...

7.3CVSS5.8AI score
Exploits0References10Affected Software1
NVD
NVD
added 2026/06/22 4:16 p.m.9 views

CVE-2026-11942

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...

4.8CVSS0.00261EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:18 p.m.3 views

CVE-2026-11942

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/22 3:18 p.m.6 views

EUVD-2026-38260

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 3:18 p.m.16 views

CVE-2026-11942

CVE-2026-11942 affects Akaunting 3.1.21. The vulnerability is an authenticated stored cross-site scripting flaw in the reusable delete confirmation flow: a user with permission to create or modify records (e.g., Items) can store HTML/JavaScript in a record name, which could be reflected to other ...

4.8CVSS5.7AI score0.00261EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 3:18 p.m.27 views

CVE-2026-11942 Akaunting 3.1.21 - Stored XSS in delete confirmation modal

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permission to create or modify records, such as Items, can store HTML/JavaScript in the record name...

4.8CVSS0.00261EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.11 views

CVE-2026-4344

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

7.1CVSS5.9AI score0.00204EPSS
Exploits0References1
NVD
NVD
added 2026/04/14 3:16 p.m.5 views

CVE-2026-4344

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

7.1CVSS0.00204EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/14 1:56 p.m.3 views

CVE-2026-4344

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/14 1:47 p.m.2 views

CVE-2026-4369 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

7.1CVSS6.1AI score0.002EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/14 1:47 p.m.27 views

CVE-2026-4369 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

7.1CVSS0.002EPSS
Exploits0References3
CVE
CVE
added 2026/04/14 1:47 p.m.16 views

CVE-2026-4369

The CVE-2026-4369 entry describes a Stored Cross-Site Scripting (XSS) vulnerability in Autodesk Fusion desktop app tied to a malicious payload in an assembly variant name. The vulnerability can be triggered when the affected variant name is rendered in the delete confirmation dialog, and a user c...

7.1CVSS6.1AI score0.002EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/03/23 8:37 p.m.5 views

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tag Delete Confirmation. An attacker can execute arbitrary JavaScript in the application's context by injecting malicious HTML into the tag name, which is then...

8.6CVSS5.9AI score0.00243EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/23 7:13 p.m.2 views

CVE-2026-33517 MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, when deleting a Tag tagdelete.php, improper escaping of its name when displaying the confirmation message allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript. Versi...

8.6CVSS6AI score0.00243EPSS
Exploits0References3
NVD
NVD
added 2026/01/22 5:16 p.m.8 views

CVE-2026-0533

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...

8.1CVSS0.0059EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/22 4:58 p.m.3 views

CVE-2026-0533 Stored XSS in Fusion desktop when attempting to delete a file

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...

8.1CVSS6AI score0.0059EPSS
Exploits0References3
CVE
CVE
added 2026/01/22 4:58 p.m.24 views

CVE-2026-0533

Technical details (affected product/version, root cause, exploit specifics, impact, or fixes) are not publicly available in the provided documents. Monitor for updates from Autodesk and security advisories to obtain concrete details and remediation guidance.

8.1CVSS5.9AI score0.0059EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:58 p.m.3 views

CVE-2026-0533

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...

8.1CVSS5.9AI score0.0059EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.14 views

PT-2026-4201

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...

7.1CVSS5.9AI score0.0059EPSS
Exploits0References4
Rows per page
Query Builder