Lucene search
K

2599 matches found

Nuclei
Nuclei
added 16 hours ago12 views

VDO.Ninja - DOM-Based Cross-Site Scripting

VDO.Ninja 28.0 to 28.3 contains a reflected XSS caused by improper sanitization of the room parameter in examples/control.html, letting remote attackers execute scripts, exploit requires crafted URL. id: CVE-2025-62613 info: name: VDO.Ninja - DOM-Based Cross-Site Scripting author: 0xAkoko severit...

6.9CVSS6.2AI score0.01099EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-48262 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...

5.4CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-57780

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Plugin Envision Envision Page Builder envision-page-builder allows DOM-Based XSS.This issue affects Envision Page Builder: from n/a through = 0.22...

6.5CVSS0.00218EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57411

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman CF7 Views Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views Complete Entry Management for Contact Form 7: from n/a through = 3.2.2...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-57376

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows DOM-Based XSS.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.3...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2 days ago15 views

CVE-2026-57814

The CVE-2026-57814 entry concerns the WordPress Forminator plugin (forms forminator) with a DOM-based XSS vulnerability due to improper input neutralization during web page generation. Affected versions are Forminator

7.1CVSS6.1AI score0.00146EPSS
Exploits0References1
CVE
CVE
added 2 days ago12 views

CVE-2026-57780

Technical details are not publicly provided in the connected documents. The description notes a DOM-based XSS in Envision Page Builder

6.5CVSS6.1AI score0.00218EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-57409

The CVE describes a DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Profit Products Tables for WooCommerce” (Active Products Tables for WooCommerce) by RealMag777, affecting versions up to and including 1.1.0. The issue arises from improper neutralization of input duri...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-57365 WordPress reCAPTCHA (v2 & v3) for Asgaros Forum plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hitesh Chandwani reCAPTCHA v2 & v3 for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This issue affects reCAPTCHA v2 & v3 for Asgaros Forum: from n/a through = 1.1.0...

6.5CVSS0.00161EPSS
Exploits0References1
NVD
NVD
added 5 days ago11 views

CVE-2026-15298

The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...

7.2CVSS0.00314EPSS
Exploits0References8
CVE
CVE
added 5 days ago7 views

CVE-2026-15298

The TelSender WordPress plugin (

7.2CVSS6AI score0.00314EPSS
Exploits0References8
NVD
NVD
added 2026/07/02 1:16 p.m.9 views

CVE-2026-4770

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber ​​Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117...

4.6CVSS0.00133EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 12:37 p.m.10 views

CVE-2026-4770

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber ​​Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117...

4.6CVSS5.8AI score0.00133EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/24 8:25 p.m.3 views

CVE-2026-52807 Gogs: DOM-based XSS via Milestone Name on New Issue Page

Gogs is an open source self-hosted Git service. Prior to 0.14.3, in newform.tmpl, milestone names are rendered with Go's default auto-escaping .Name, which converts to etc. This prevents direct HTML injection. However, when the browser renders the DOM, the text content of the element contains the...

4.8CVSS6AI score0.00483EPSS
Exploits0References6
CVE
CVE
added 2026/06/24 8:25 p.m.15 views

CVE-2026-52807

Summary (supported by provided docs): Gogs is affected by a DOM-based XSS in the New Issue page when a milestone name contains HTML/JS payloads. The root cause involves client-side rendering: milestone names are rendered with Go’s escaping in new_form.tmpl, but Semantic UI 2.4.2 uses preserveHTML...

4.8CVSS5.9AI score0.00483EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/23 5:2 p.m.10 views

Gogs has DOM-based XSS via Milestone Name on New Issue Page

Summary The fix for GHSA-vgjm-2cpf-4g7c DOM-based XSS via milestone selection was only applied to templates/repo/issue/viewcontent.tmpl but not to templates/repo/issue/newform.tmpl. An attacker can store an HTML/JavaScript payload in a milestone name, and when any user opens the New Issue page an...

4.8CVSS6AI score0.00483EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.12 views

CVE-2026-48268

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.11 views

CVE-2026-47985

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 4:31 a.m.30 views

CVE-2025-8444

The CVE-2025-8444 entry concerns the WordPress plugin Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates. A DOM-Based Stored Cross-Site Scripting vulnerability exists in all versions up to and including 2.6.7 due to insufficient input sanitization and output escapi...

6.4CVSS5.7AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48374

The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the multiple parameters in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. Th...

6.4CVSS5.7AI score0.00155EPSS
Exploits0References3
Rows per page
Query Builder